mina-dev mailing list archives

From Yigal Rachman <yi...@uvic.ca>
Subject Re: [jira] Commented: (DIRMINA-454) Trivial denial of service in TextLineDecoder
Date Mon, 15 Oct 2007 19:35:27 GMT
Hi, Folks:

Another thing with this problem:  once the buffer has exceeded the
maximum line length, the decoder stops recognizing the termination
sequence, and is therefore doomed anyway.  Is there some elegant way to
reject the offending line and start over?

Yigal Rachman

Owen Jacobson (JIRA) wrote:
> [ https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532828 ]
>
> Owen Jacobson commented on DIRMINA-454:
>
> Patch applies to the current 1.1.3 tag, incidentally.
>
> > Trivial denial of service in TextLineDecoder
> >
> >                 Key: DIRMINA-454
> >                 URL: https://issues.apache.org/jira/browse/DIRMINA-454
> >             Project: MINA
> >          Issue Type: Bug
> >          Components: Filter
> >    Affects Versions: 1.1.2
> >            Reporter: Owen Jacobson
> >         Attachments: no-dos.patch
> >
> > In both of TextLineDecoder's decoding methods, the decoder only checks the size of input after
> > it's found at least one line ending character.  Infinitely long streams of, say, 'y's will
> > cause the decoder to try to buffer up data until the JVM falls over.
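The two points in this thread (checking the length before a terminator is found, and rejecting an oversized line so decoding can start over) can be sketched as follows. This is an added example, not code from MINA or from the no-dos.patch attachment; `BoundedLineDecoder` and its method names are hypothetical, and it assumes LF-terminated UTF-8 lines.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
/** Added illustration (hypothetical class, not MINA's TextLineDecoder): LF-delimited decoder with a hard cap. */
public class BoundedLineDecoder {
    private final int maxLineLength;
    private final ByteArrayOutputStream line = new ByteArrayOutputStream();
    private boolean discarding;   // true while skipping the rest of an oversized line
    private int rejected;         // number of oversized lines dropped so far
    public BoundedLineDecoder(int maxLineLength) { this.maxLineLength = maxLineLength; }

    /** Feed the bytes of one network read; returns the complete lines finished by it. */
    public List<String> decode(byte[] chunk) {
        List<String> out = new ArrayList<>();
        for (byte b : chunk) {
            if (b == '\n') {
                if (discarding) {
                    discarding = false;   // terminator reached: resynchronise on the next line
                } else {
                    out.add(new String(line.toByteArray(), StandardCharsets.UTF_8));
                }
                line.reset();
            } else if (!discarding) {
                if (line.size() >= maxLineLength) {
                    // Cap is enforced on every byte, before any terminator is seen:
                    // drop what was buffered and stop accumulating until the next '\n'.
                    line.reset();
                    discarding = true;
                    rejected++;
                } else {
                    line.write(b);
                }
            }
        }
        return out;
    }

    public int rejectedLines() { return rejected; }
    public int buffered() { return line.size(); }

    public static void main(String[] args) {
        BoundedLineDecoder d = new BoundedLineDecoder(8);
        // Constructed input: a terminator-free flood split over two reads, then a normal line.
        System.out.println(d.decode("yyyyyyyyyyyyyyyy".getBytes(StandardCharsets.UTF_8)));
        System.out.println(d.decode("yyyy\nhello\n".getBytes(StandardCharsets.UTF_8)));
        System.out.println(d.rejectedLines() + " rejected, " + d.buffered() + " bytes buffered");
    }
}
```

Memory held per connection never exceeds `maxLineLength` bytes, and the `rejectedLines()` counter gives a caller something to log or to use as a threshold for closing an abusive session.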
