Return-Path: X-Original-To: apmail-cassandra-commits-archive@www.apache.org Delivered-To: apmail-cassandra-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E29BB17661 for ; Thu, 2 Oct 2014 08:11:38 +0000 (UTC) Received: (qmail 83240 invoked by uid 500); 2 Oct 2014 08:11:38 -0000 Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org Received: (qmail 83118 invoked by uid 500); 2 Oct 2014 08:11:38 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 83069 invoked by uid 99); 2 Oct 2014 08:11:38 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 Oct 2014 08:11:38 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 4C228A0BBB7; Thu, 2 Oct 2014 08:11:38 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: slebresne@apache.org To: commits@cassandra.apache.org Date: Thu, 02 Oct 2014 08:11:38 -0000 Message-Id: <4ec4ddfed03d4b7c8f948ce560376105@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] git commit: Better validation of collection values Repository: cassandra Updated Branches: refs/heads/cassandra-2.1 b9826f5f0 -> 814e55af4 Better validation of collection values patch by slebresne; reviewed by thobbs for CASSANDRA-7833 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/1a096efe Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/1a096efe Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/1a096efe Branch: refs/heads/cassandra-2.1 Commit: 1a096efebb51a782bc31e4dfd35e4b7fb8dba56f Parents: cf60d1e Author: Sylvain Lebresne Authored: Thu Oct 2 09:47:44 2014 +0200 Committer: Sylvain Lebresne Committed: Thu Oct 2 09:47:44 2014 +0200 ---------------------------------------------------------------------- CHANGES.txt | 1 + src/java/org/apache/cassandra/serializers/ListSerializer.java | 2 ++ src/java/org/apache/cassandra/serializers/MapSerializer.java | 2 ++ src/java/org/apache/cassandra/serializers/SetSerializer.java | 2 ++ 4 files changed, 7 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a096efe/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 0e5a0d0..3454928 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.0.11: + * Better validation of collection values (CASSANDRA-7833) * Fix possible overflow while sorting CL segments for replay (CASSANDRA-7992) * Increase nodetool Xmx (CASSANDRA-7956) * Archive any commitlog segments present at startup (CASSANDRA-6904) http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a096efe/src/java/org/apache/cassandra/serializers/ListSerializer.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/serializers/ListSerializer.java b/src/java/org/apache/cassandra/serializers/ListSerializer.java index 59f25d2..74cab7e 100644 --- a/src/java/org/apache/cassandra/serializers/ListSerializer.java +++ b/src/java/org/apache/cassandra/serializers/ListSerializer.java @@ -60,6 +60,8 @@ public class ListSerializer extends CollectionSerializer> elements.validate(databb); l.add(elements.deserialize(databb)); } + if (input.hasRemaining()) + throw new MarshalException("Unexpected extraneous bytes after list value"); return l; } catch (BufferUnderflowException e) http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a096efe/src/java/org/apache/cassandra/serializers/MapSerializer.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/serializers/MapSerializer.java b/src/java/org/apache/cassandra/serializers/MapSerializer.java index f79d07f..47515a1 100644 --- a/src/java/org/apache/cassandra/serializers/MapSerializer.java +++ b/src/java/org/apache/cassandra/serializers/MapSerializer.java @@ -68,6 +68,8 @@ public class MapSerializer extends CollectionSerializer> m.put(keys.deserialize(kbb), values.deserialize(vbb)); } + if (input.hasRemaining()) + throw new MarshalException("Unexpected extraneous bytes after map value"); return m; } catch (BufferUnderflowException e) http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a096efe/src/java/org/apache/cassandra/serializers/SetSerializer.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/serializers/SetSerializer.java b/src/java/org/apache/cassandra/serializers/SetSerializer.java index d6d7062..a6df281 100644 --- a/src/java/org/apache/cassandra/serializers/SetSerializer.java +++ b/src/java/org/apache/cassandra/serializers/SetSerializer.java @@ -60,6 +60,8 @@ public class SetSerializer extends CollectionSerializer> elements.validate(databb); l.add(elements.deserialize(databb)); } + if (input.hasRemaining()) + throw new MarshalException("Unexpected extraneous bytes after set value"); return l; } catch (BufferUnderflowException e)