[jira] [Updated] (AVRO-3837) Disallow invalid namespaces for the Rust binding
[ https://issues.apache.org/jira/browse/AVRO-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated AVRO-3837: - Labels: pull-request-available (was: ) > Disallow invalid namespaces for the Rust binding > > > Key: AVRO-3837 > URL: https://issues.apache.org/jira/browse/AVRO-3837 > Project: Apache Avro > Issue Type: Bug > Components: rust >Affects Versions: 1.12.0 >Reporter: Kousuke Saruta >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > The current Rust binding doesn't accept invalid namespaces if such namespaces > are in a name field. > {code} > { > "name": "ns1.invalid-ns.record1", > "type": "record" > "fields": [] > } > {code} > But, even if a invalid namespace is in a namespace field, the Rust binding > accept such namespaces. > {code} > { > "name": "record1", > "namespace": "ns1.invalid-ns", > "type": "record", > "fields": [] > } > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (AVRO-3837) Disallow invalid namespaces for the Rust binding
[ https://issues.apache.org/jira/browse/AVRO-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kousuke Saruta updated AVRO-3837: - Description: The current Rust binding doesn't accept invalid namespaces if such namespaces are in a name field. {code} { "name": "ns1.invalid-ns.record1", "type": "record" "fields": [] } {code} But, even if a invalid namespace is in a namespace field, the Rust binding accept such namespaces. {code} { "name": "record1", "namespace": "ns1.invalid-ns", "type": "record", "fields": [] } {code} was: The current Rust binding doesn't accept invalid namespaces if such namespaces are in a name field. {code} { "name": "ns1.invalid-ns.record1", "type": "record" "fields": [] } {code} But, even if a invalid namespace is in a namespace field, the Rust binding accept such namespaces. {code} "name": "record1", "namespace": "ns1.invalid-ns", "type": "record", "fields": [] } {code} > Disallow invalid namespaces for the Rust binding > > > Key: AVRO-3837 > URL: https://issues.apache.org/jira/browse/AVRO-3837 > Project: Apache Avro > Issue Type: Bug > Components: rust >Affects Versions: 1.12.0 >Reporter: Kousuke Saruta >Priority: Major > > The current Rust binding doesn't accept invalid namespaces if such namespaces > are in a name field. > {code} > { > "name": "ns1.invalid-ns.record1", > "type": "record" > "fields": [] > } > {code} > But, even if a invalid namespace is in a namespace field, the Rust binding > accept such namespaces. > {code} > { > "name": "record1", > "namespace": "ns1.invalid-ns", > "type": "record", > "fields": [] > } > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (AVRO-3837) Disallow invalid namespaces for the Rust binding
[ https://issues.apache.org/jira/browse/AVRO-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kousuke Saruta updated AVRO-3837: - Description: The current Rust binding doesn't accept invalid namespaces if such namespaces are in a name field. {code} { "name": "ns1.invalid-ns.record1", "type": "record" "fields": [] } {code} But, even if a invalid namespace is in a namespace field, the Rust binding accept such namespaces. {code} "name": "record1", "namespace": "ns1.invalid-ns", "type": "record", "fields": [] } {code} was: The current Rust binding doesn't accept invalid namespaces if such namespaces are in name field. {code} { "name": "ns1.invalid-ns.record1", "type": "record" "fields": [] } {code} But if a invalid namespace in namespace field doesn't validate. {code} "name": "record1", "namespace": "ns1.invalid-ns", "type": "record", "fields": [] } {code} > Disallow invalid namespaces for the Rust binding > > > Key: AVRO-3837 > URL: https://issues.apache.org/jira/browse/AVRO-3837 > Project: Apache Avro > Issue Type: Bug > Components: rust >Affects Versions: 1.12.0 >Reporter: Kousuke Saruta >Priority: Major > > The current Rust binding doesn't accept invalid namespaces if such namespaces > are in a name field. > {code} > { > "name": "ns1.invalid-ns.record1", > "type": "record" > "fields": [] > } > {code} > But, even if a invalid namespace is in a namespace field, the Rust binding > accept such namespaces. > {code} > "name": "record1", > "namespace": "ns1.invalid-ns", > "type": "record", > "fields": [] > } > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (AVRO-3837) Disallow invalid namespaces for the Rust binding
[ https://issues.apache.org/jira/browse/AVRO-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kousuke Saruta updated AVRO-3837: - Summary: Disallow invalid namespaces for the Rust binding (was: Disallow invalid namespace for the Rust binding) > Disallow invalid namespaces for the Rust binding > > > Key: AVRO-3837 > URL: https://issues.apache.org/jira/browse/AVRO-3837 > Project: Apache Avro > Issue Type: Bug > Components: rust >Affects Versions: 1.12.0 >Reporter: Kousuke Saruta >Priority: Major > > The current Rust binding doesn't accept invalid namespaces if such namespaces > are in name field. > {code} > { > "name": "ns1.invalid-ns.record1", > "type": "record" > "fields": [] > } > {code} > But if a invalid namespace in namespace field doesn't validate. > {code} > "name": "record1", > "namespace": "ns1.invalid-ns", > "type": "record", > "fields": [] > } > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (AVRO-3819) [Java] Rationalize the system properties that limit allocation
[ https://issues.apache.org/jira/browse/AVRO-3819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17756243#comment-17756243 ] ASF subversion and git services commented on AVRO-3819: --- Commit e2e57aac2d03589c14a3298be95f78481d8b4d51 in avro's branch refs/heads/branch-1.11 from Ryan Skraba [ https://gitbox.apache.org/repos/asf?p=avro.git;h=e2e57aac2 ] AVRO-3819: Centralize system properties that limit allocations (#2432) > [Java] Rationalize the system properties that limit allocation > -- > > Key: AVRO-3819 > URL: https://issues.apache.org/jira/browse/AVRO-3819 > Project: Apache Avro > Issue Type: Bug > Components: java >Reporter: Ryan Skraba >Assignee: Ryan Skraba >Priority: Major > Labels: pull-request-available > Fix For: 1.11.3 > > Time Spent: 1h > Remaining Estimate: 0h > > There are currently some system properties that limit datum allocation size: > * org.apache.avro.limits.byte.maxLength > * org.apache.avro.limits.string.maxLength > These are hidden in two different classes (Utf8 and BinaryDecoder). It would > make sense to centralize them in one place to make it clearer how to limit > the damage untrusted data could do while deserializing. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [avro] RyanSkraba commented on a diff in pull request #2432: AVRO-3819: Centralize system properties that limit allocations
RyanSkraba commented on code in PR #2432: URL: https://github.com/apache/avro/pull/2432#discussion_r1299131431 ## lang/java/avro/src/main/java/org/apache/avro/Schema.java: ## @@ -1295,8 +1295,7 @@ private static class FixedSchema extends NamedSchema { public FixedSchema(Name name, String doc, int size) { super(Type.FIXED, name, doc); - if (size < 0) -throw new IllegalArgumentException("Invalid fixed size: " + size); + SystemLimitException.checkMaxBytesLength(size); Review Comment: Oh pardon, I missed this comment between rebasing and cherry-picking! I don't think it's a big deal, but I'll pick this up in the next change to Schema. Thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@avro.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (AVRO-3819) [Java] Rationalize the system properties that limit allocation
[ https://issues.apache.org/jira/browse/AVRO-3819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Skraba resolved AVRO-3819. --- Resolution: Fixed > [Java] Rationalize the system properties that limit allocation > -- > > Key: AVRO-3819 > URL: https://issues.apache.org/jira/browse/AVRO-3819 > Project: Apache Avro > Issue Type: Bug > Components: java >Reporter: Ryan Skraba >Assignee: Ryan Skraba >Priority: Major > Labels: pull-request-available > Fix For: 1.11.3 > > Time Spent: 50m > Remaining Estimate: 0h > > There are currently some system properties that limit datum allocation size: > * org.apache.avro.limits.byte.maxLength > * org.apache.avro.limits.string.maxLength > These are hidden in two different classes (Utf8 and BinaryDecoder). It would > make sense to centralize them in one place to make it clearer how to limit > the damage untrusted data could do while deserializing. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (AVRO-3819) [Java] Rationalize the system properties that limit allocation
[ https://issues.apache.org/jira/browse/AVRO-3819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17756239#comment-17756239 ] ASF subversion and git services commented on AVRO-3819: --- Commit a12a7e44ddbe060c3dc731863cad5c15f9267828 in avro's branch refs/heads/master from Ryan Skraba [ https://gitbox.apache.org/repos/asf?p=avro.git;h=a12a7e44d ] AVRO-3819: Centralize system properties that limit allocations (#2432) > [Java] Rationalize the system properties that limit allocation > -- > > Key: AVRO-3819 > URL: https://issues.apache.org/jira/browse/AVRO-3819 > Project: Apache Avro > Issue Type: Bug > Components: java >Reporter: Ryan Skraba >Assignee: Ryan Skraba >Priority: Major > Labels: pull-request-available > Fix For: 1.11.3 > > Time Spent: 50m > Remaining Estimate: 0h > > There are currently some system properties that limit datum allocation size: > * org.apache.avro.limits.byte.maxLength > * org.apache.avro.limits.string.maxLength > These are hidden in two different classes (Utf8 and BinaryDecoder). It would > make sense to centralize them in one place to make it clearer how to limit > the damage untrusted data could do while deserializing. -- This message was sent by Atlassian Jira (v8.20.10#820010)