mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen Jacobson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRMINA-454) Trivial denial of service in TextLineDecoder
Date Sat, 06 Oct 2007 04:55:51 GMT

    [ https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532823

Owen Jacobson commented on DIRMINA-454:

It seems to me that there's no reason to buffer up more than (maximum encoding size) * (line
length) bytes + overflow from one receive call, anyways.  For practical purposes the maximum
encoding size is 4 bytes, I believe.

Alternately, the line length cap should either be replaced or augmented by a byte length cap
(defaulting to the above, maybe) to give users a little more control over whether or not to
die of OutOfMemoryErrors.

> Trivial denial of service in TextLineDecoder
> --------------------------------------------
>                 Key: DIRMINA-454
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-454
>             Project: MINA
>          Issue Type: Bug
>          Components: Filter
>    Affects Versions: 1.1.2
>            Reporter: Owen Jacobson
> In both of TextLineDecoder's decoding methods, the decoder only checks the size of input
after it's found at least one line ending character.  Infinitely long streams of, say, 'y's
will cause the decoder to try to buffer up data until the JVM falls over.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message