Return-Path: Delivered-To: apmail-mina-dev-archive@www.apache.org Received: (qmail 56721 invoked from network); 31 Oct 2007 04:02:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 31 Oct 2007 04:02:14 -0000 Received: (qmail 6523 invoked by uid 500); 31 Oct 2007 04:02:02 -0000 Delivered-To: apmail-mina-dev-archive@mina.apache.org Received: (qmail 6156 invoked by uid 500); 31 Oct 2007 04:02:01 -0000 Mailing-List: contact dev-help@mina.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@mina.apache.org Delivered-To: mailing list dev@mina.apache.org Received: (qmail 6147 invoked by uid 99); 31 Oct 2007 04:02:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Oct 2007 21:02:01 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 31 Oct 2007 04:02:25 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id D1AD1714204 for ; Tue, 30 Oct 2007 21:01:50 -0700 (PDT) Message-ID: <22941827.1193803310856.JavaMail.jira@brutus> Date: Tue, 30 Oct 2007 21:01:50 -0700 (PDT) From: "Trustin Lee (JIRA)" To: dev@mina.apache.org Subject: [jira] Commented: (DIRMINA-454) Trivial denial of service in TextLineDecoder In-Reply-To: <13950906.1191646430602.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12538979 ] Trustin Lee commented on DIRMINA-454: ------------------------------------- Thanks for testing the fix and closing this issue. :) > Trivial denial of service in TextLineDecoder > -------------------------------------------- > > Key: DIRMINA-454 > URL: https://issues.apache.org/jira/browse/DIRMINA-454 > Project: MINA > Issue Type: Bug > Components: Filter > Affects Versions: 1.0.6, 1.1.3 > Reporter: Owen Jacobson > Assignee: Trustin Lee > Fix For: 1.0.7, 1.1.4 > > Attachments: no-dos.patch > > > In both of TextLineDecoder's decoding methods, the decoder only checks the size of input after it's found at least one line ending character. Infinitely long streams of, say, 'y's will cause the decoder to try to buffer up data until the JVM falls over. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.