[jira] [Created] (THRIFT-4928) Sensitive information about expected and actual reading lengths (len, got) is leaked from TIOStreamTransport to TTransport through a TTransportException

xiaoqin.fu (JIRA) Sat, 17 Aug 2019 08:33:08 -0700

xiaoqin.fu created THRIFT-4928:
----------------------------------

             Summary: Sensitive information about expected and actual reading 
lengths (len, got) is leaked from TIOStreamTransport to TTransport through a 
TTransportException
                 Key: THRIFT-4928
                 URL: https://issues.apache.org/jira/browse/THRIFT-4928
             Project: Thrift
          Issue Type: Bug
          Components: Java - Library
    Affects Versions: 0.12.0, 0.11.0
         Environment:   Ubuntu 16.04.3 LTS
        Open JDK version "1.8.0_191" build 25.191-b12
            Reporter: xiaoqin.fu



  The source: org.apache.thrift.transport.TIOStreamTransport:
    public int read(byte[] buf, int off, int len) throws TTransportException {
    if (inputStream_ == null) {
      throw new TTransportException(TTransportException.NOT_OPEN, "Cannot read 
from null inputStream");
    }
    int bytesRead;
        ......
      bytesRead = inputStream_.read(buf, off, len);
        ......
  }
  
  The sink: org.apache.thrift.transport.TTransport, 
  public int readAll(byte[] buf, int off, int len)
        throws TTransportException {
        ......  
        if (ret <= 0) {
                throw new TTransportException(
                "Cannot read. Remote side has closed. Tried to read "
                        + len
                        + " bytes, but only got "
                        + got
                        + " bytes. (This is often indicative of an internal 
error on the server side. Please check your server logs.)");
                }
        ......
  }
  Sensitive information about expected and actual reading lengths (len, got) is 
leaked.
  The tainted path:
   org.apache.thrift.transport.TIOStreamTransport --> 
   org.apache.thrift.transport.TTransport
   



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

[jira] [Created] (THRIFT-4928) Sensitive information about expected and actual reading lengths (len, got) is leaked from TIOStreamTransport to TTransport through a TTransportException

Reply via email to