[jira] [Commented] (THRIFT-4924) An information leakage from TSocket

xiaoqin.fu (Jira) Fri, 13 Sep 2019 20:28:38 -0700


    [ 
https://issues.apache.org/jira/browse/THRIFT-4924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16929659#comment-16929659
 ]


xiaoqin.fu commented on THRIFT-4924:
------------------------------------

How about this issue?
Should I also fix it using a PR?

> An information leakage from TSocket
> -----------------------------------
>
>                 Key: THRIFT-4924
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4924
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.11.0, 0.12.0
>         Environment: Ubuntu 16.04.3 LTS
> Open JDK version "1.8.0_191" build 25.191-b12  
>            Reporter: xiaoqin.fu
>            Priority: Major
>
> In org.apache.thrift.transport.TSocket,
>   public void close() {
>       ......
>     if (socket_ != null) {
>       try {
>         socket_.close();
>       } catch (IOException iox) {
>         LOGGER.warn("Could not close socket.", iox);
>       }
>       socket_ = null;
>     }
>   }
> Sensitive information about socket input stream or output stream may be 
> leaked. 
> The LOGGER.isWarnEnabled() conditional statement should be added to the 
> method close() and others such as TSocket(Socket socket) and setTimeout(int 
> timeout):
>   public void close() {
>       ......
>     if (socket_ != null) {
>       try {
>                       socket_.close();
>       } catch (IOException iox) {
>               if (LOGGER.isWarnEnabled())
>                       LOGGER.warn("Could not close socket.", iox);
>       }
>       socket_ = null;
>     }
>   }



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

[jira] [Commented] (THRIFT-4924) An information leakage from TSocket

Reply via email to