[
https://issues.apache.org/struts/browse/WW-2030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_41374
]
Lukasz Racon commented on WW-2030:
----------------------------------
IMHO if we are going to go with this solution it should not be optional but
mandatory. In other words Struts should always exclude values matching this
pattern. Else someone will upgrade, or define his/her own stack and forget this
one parameter, making his/her application vulnerable.
Since there is no escape string for OGNL, how about escaping the strings that
are inside expression: %{exprStr} would be converted to %{'exprStr'} then at
least exprStr would be set as a value instead of erasing it.
> DOS (continuos memory eating on an infinte loop) on form fields
> ---------------------------------------------------------------
>
> Key: WW-2030
> URL: https://issues.apache.org/struts/browse/WW-2030
> Project: Struts 2
> Issue Type: Bug
> Components: Value Stack
> Affects Versions: 2.0.8
> Reporter: Andrea Vettori
> Priority: Critical
> Attachments: Struts.diff, Struts2.diff, xwork.diff, xwork2.diff
>
>
> On a form with
> <s:textfield name="xxx">
> if the user enters %{xxx} as the value then
> com/opensymphony/xwork2/util/TextParseUtil.translateVariables enters an
> infinite loop eating about 1GB of ram in one second on my server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
