[ https://issues.apache.org/jira/browse/THRIFT-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15628188#comment-15628188 ]
Claudius Heine commented on THRIFT-3930:
----------------------------------------

I think it's more an issue with the client/server application than with the TJSONProtocol, since the server/client are getting the exception of the JSONProtocol but they didn't react to it correctly.

> C++ JSON protocol gets unresponsive when feed with invalid data
> ---------------------------------------------------------------
>
>                 Key: THRIFT-3930
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3930
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.3
>         Environment: Linux armv7
>            Reporter: Pascal Bach
>              Labels: security
>
> When I send invalid data to service via TJSONProtocol it gets unresponsive
> until all the data is processed.
> When I send for example the following string via POST:
> {{[1,"0123456789",1,0,{"1":{"str":"0123456789"}}]0123456789"}}
> The server responds with:
> {{[1,"0123456789",3,0,{"1":{"str":"Invalid method name:
> '0123456789'"},"2":{"i32":1}}]}}
> On the server side I get messages like:
> {{Thrift: Fri Jan 1 00:10:52 2010 TConnectedClient protocol exception:
> Expected '['; got '6'.}}
> These messages keep coming long after the response was already received.
> If multiple requests like the ones above are made the server is blocked for a
> long time doing nothing but printing the above mentioned messages.
> This allows to easily do denial of service towards the server.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
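
An added example, not part of the original thread and not Thrift's code: a toy C++ model of the point made in the comment, comparing a connection loop that keeps reading after a protocol exception with one that closes the connection on the first error. `ToyReader`, `serve` and the one-byte-per-failed-read behaviour are assumptions made for illustration; the request string is the one from the report.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
// Toy model (hypothetical, not Thrift code): a message is one bracketed
// JSON array, and a failed read consumes the byte that caused it.
struct ProtocolError : std::runtime_error { using std::runtime_error::runtime_error; };

class ToyReader {
 public:
  explicit ToyReader(std::string buf) : buf_(std::move(buf)) {}
  bool eof() const { return pos_ >= buf_.size(); }
  void readMessage() {
    char c = buf_[pos_++];
    if (c != '[') throw ProtocolError(std::string("Expected '['; got '") + c + "'.");
    int depth = 1; bool inString = false;
    while (!eof() && depth > 0) {  // skip to the matching ']'
      c = buf_[pos_++];
      if (c == '"') inString = !inString;
      else if (!inString && c == '[') ++depth;
      else if (!inString && c == ']') --depth;
    }
    if (depth != 0) throw ProtocolError("Unterminated message.");
  }
 private:
  std::string buf_;
  std::size_t pos_ = 0;
};

struct Stats { std::size_t messages = 0, errors = 0; };
// closeOnError=false: log and keep reading the same connection.
// closeOnError=true: treat the first protocol error as fatal for it.
Stats serve(const std::string& input, bool closeOnError) {
  ToyReader reader(input);
  Stats s;
  while (!reader.eof()) {
    try { reader.readMessage(); ++s.messages; }
    catch (const ProtocolError&) { ++s.errors; if (closeOnError) break; }
  }
  return s;
}

// Request string taken from the issue description above.
const std::string kRequest = R"([1,"0123456789",1,0,{"1":{"str":"0123456789"}}]0123456789")";
int main() {
  std::cout << serve(kRequest, false).errors << " vs "
            << serve(kRequest, true).errors << " protocol errors\n";
}
```

In this model the work done after the valid message grows with the number of trailing bytes unless the loop stops at the first protocol error.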