[jira] [Commented] (THRIFT-5021) Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class

Jens Geyer (Jira) Wed, 24 Feb 2021 11:56:07 -0800


    [ 
https://issues.apache.org/jira/browse/THRIFT-5021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290223#comment-17290223
 ]


Jens Geyer commented on THRIFT-5021:
------------------------------------

CVE-2020-13949: potential DoS when processing untrusted Thrift payloads

> Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class
> -----------------------------------------------------------------------------
>
>                 Key: THRIFT-5021
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5021
>             Project: Thrift
>          Issue Type: Improvement
>          Components: netstd - Library
>            Reporter: Jens Geyer
>            Assignee: Jens Geyer
>            Priority: Major
>             Fix For: 0.14.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> This ticket has two related goals:
> a) to implement a new limit for the maximum message size similar to max 
> frames size etc
> b) consolidate and centralize all limits we have (max msg size,. max frame 
> size and max recursion depth) into one place in the code



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (THRIFT-5021) Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class

Reply via email to