[
https://issues.apache.org/jira/browse/THRIFT-2660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14099972#comment-14099972
]
Roger Meier commented on THRIFT-2660:
-------------------------------------
Yes, why not. [~jfarrell] what do you think?
> Validate the bytes received in TSaslTransport
> ---------------------------------------------
>
> Key: THRIFT-2660
> URL: https://issues.apache.org/jira/browse/THRIFT-2660
> Project: Thrift
> Issue Type: Bug
> Components: Java - Library
> Affects Versions: 0.9
> Reporter: Harsh J
> Assignee: Roger Meier
> Attachments: THRIFT-2660.patch, THRIFT-2660.patch
>
>
> In TSaslTransport#receiveSaslMessage, we are doing two things incorrectly:
> - Not validating the status byte code.
> - Not validating the decoded payload size integer before allocating a whole
> array with it.
> The latter especially is bad when a network security software sends a thrift
> server port some garbage data, causing it to receive failures like:
> {code}
> java.lang.OutOfMemoryError: Java heap space
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
> at
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
> {code}
> Or even,
> {code}
> ERROR org.apache.thrift.server.TThreadPoolServer: Error occurred during
> processing of message.
> java.lang.NegativeArraySizeException
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
> at
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
