[ https://issues.apache.org/jira/browse/THRIFT-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King III closed THRIFT-3930. ------------------------------------- Resolution: Cannot Reproduce Assignee: James E. King III Closing based on comment - cannot reproduce. > C++ JSON protocol gets unresponsive when feed with invalid data > --------------------------------------------------------------- > > Key: THRIFT-3930 > URL: https://issues.apache.org/jira/browse/THRIFT-3930 > Project: Thrift > Issue Type: Bug > Components: C++ - Library > Affects Versions: 0.9.3 > Environment: Linux armv7 > Reporter: Pascal Bach > Assignee: James E. King III > Priority: Major > Labels: security > > When I send invalid data to service via TJSONProtocol it gets unresponsive > until all the data is processed. > When I send for example the following string via POST: > {{[1,"0123456789",1,0,{"1":{"str":"0123456789"}}]0123456789"}} > The server responds with: > {{[1,"0123456789",3,0,{"1":{"str":"Invalid method name: > '0123456789'"},"2":{"i32":1}}]}} > On the server side I get messages like: > {{Thrift: Fri Jan 1 00:10:52 2010 TConnectedClient protocol exception: > Expected '['; got '6'.}} > This messages keep coming long after the response was already received. > If multiple requests like the ones above are made the server is blocked for a > long time doing nothing but printing the above mentioned messages. > This allows to easily do denial of service towards the server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)