Code Review / common / thrift.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 6fcecd4) | patch
THRIFT-1643:Denial of Service attack in TBinaryProtocol.readString
authorJake Farrell <jfarrell@apache.org>
Fri, 12 Oct 2012 00:43:13 +0000 (00:43 +0000)
committerJake Farrell <jfarrell@apache.org>
Fri, 12 Oct 2012 00:43:13 +0000 (00:43 +0000)
commit435e1c4f70bd5216676a7cded0448fb8bc564989
treee0d256b669a1994e404175e9e1320548a2d8f36ctree | snapshot
parent6fcecd45a715c02452af6674f44e8edb6b0a2f42commit | diff
THRIFT-1643:Denial of Service attack in TBinaryProtocol.readString
Client: java
Patch: Niraj Tolia

In readString, if the string field's size is greater than the number of bytes remaining in the byte array to deserialize, libthrift will happily allocate a byte array of that size in readStringBody, filling the heap.

git-svn-id: https://svn.apache.org/repos/asf/thrift/trunk@1397397 13f79535-47bb-0310-9956-ffa450edef68
lib/java/src/org/apache/thrift/protocol/TCompactProtocol.java diff | blob | history
lib/java/test/org/apache/thrift/protocol/TestTBinaryProtocol.java diff | blob | history
lib/java/test/org/apache/thrift/protocol/TestTCompactProtocol.java diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.