Code Review / common / thrift.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: c6c01f2) | patch
Thrift-1643:Denial of Service attack in TBinaryProtocol.readString
authorJake Farrell <jfarrell@apache.org>
Fri, 12 Oct 2012 00:45:34 +0000 (00:45 +0000)
committerJake Farrell <jfarrell@apache.org>
Fri, 12 Oct 2012 00:45:34 +0000 (00:45 +0000)
commit1a15f7ceda9e0ed137a1a9808ed2a1b997ee78aa
treec15e0917299606acfd42734c8597184d96f8b220tree | snapshot
parentc6c01f26dbf8c8fdb218d67354ac68b1703e2e08commit | diff
Thrift-1643:Denial of Service attack in TBinaryProtocol.readString
Client: java
Patch: Niraj Tolia

In readString, if the string field's size is greater than the number of bytes remaining in the byte array to deserialize, libthrift will happily allocate a byte array of that size in readStringBody, filling the heap.

git-svn-id: https://svn.apache.org/repos/asf/thrift/branches/0.9.x@1397398 13f79535-47bb-0310-9956-ffa450edef68
lib/java/src/org/apache/thrift/protocol/TCompactProtocol.java diff | blob | history
lib/java/test/org/apache/thrift/protocol/TestTBinaryProtocol.java diff | blob | history
lib/java/test/org/apache/thrift/protocol/TestTCompactProtocol.java diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.