[jira] [Commented] (THRIFT-2660) Validate the bytes received in TSaslTransport

Tue, 19 Aug 2014 08:31:16 -0700 

    [ 
https://issues.apache.org/jira/browse/THRIFT-2660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14102313#comment-14102313
 ] 

Jake Farrell commented on THRIFT-2660:
--------------------------------------

if its in the current trunk then it will get into the next rc, i've been 
working on the cross compile issues for arm based projects and was hoping to 
get that in as well. i might just push on that for the now and get this release 
candidate out

> Validate the bytes received in TSaslTransport
> ---------------------------------------------
>
>                 Key: THRIFT-2660
>                 URL: https://issues.apache.org/jira/browse/THRIFT-2660
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.9
>            Reporter: Harsh J
>            Assignee: Roger Meier
>         Attachments: THRIFT-2660.patch, THRIFT-2660.patch
>
>
> In TSaslTransport#receiveSaslMessage, we are doing two things incorrectly:
> - Not validating the status byte code.
> - Not validating the decoded payload size integer before allocating a whole 
> array with it.
> The latter especially is bad when a network security software sends a thrift 
> server port some garbage data, causing it to receive failures like:
> {code}
> java.lang.OutOfMemoryError: Java heap space
>       at 
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
>       at 
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
>       at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
> {code}
> Or even,
> {code}
> ERROR org.apache.thrift.server.TThreadPoolServer: Error occurred during 
> processing of message.
> java.lang.NegativeArraySizeException
>         at 
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
>         at 
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
>         at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to