bufferoverflow in c_glib buffered transport/socket client
---------------------------------------------------------
Key: THRIFT-1414
URL: https://issues.apache.org/jira/browse/THRIFT-1414
Project: Thrift
Issue Type: Bug
Components: C glib - Library
Affects Versions: 0.7
Environment: Server running on Windows 7 SP1 64bit based on csharp.
Client running on Ubuntu 11.04 Server 64 bit (fresh install) based on c_glib.
svn rev: 1190015M
Reporter: Christian Zimnick
Priority: Critical
Quote of comment in source:
-----------------------------------------------
if the buffer is still smaller than what we
want to read, then just read it directly.
-----------------------------------------------
But the code reading into the tempdata with size of the buffer and reading all
data into this.
file: lib/c_glib/transport/thrift_buffered_transport.c line 74/98
Also if the buffer is still bigger that what we want to read, then reading the
buffer size.
But recv blocks than and waiting of data if there nothing to read after the
receiving data len.
file: lib/c_glib/transport/thrift_buffered_transport.c line 118
i attached a patch that fix this problems but i dont know if all of this is
correct.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
