thrift-dev mailing list archives

From "Christian Ciach (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (THRIFT-4362) Missing size-check can lead to huge memory allocation
Date Fri, 20 Oct 2017 10:39:00 GMT

    [ https://issues.apache.org/jira/browse/THRIFT-4362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16212477#comment-16212477 ]

Christian Ciach edited comment on THRIFT-4362 at 10/20/17 10:38 AM:
--------------------------------------------------------------------

Do you think I can submit this patch as-is or do you have any suggestions for improvement?

Edit: As mentioned, with my patch the size may be checked multiple times. So I think it's a good idea to remove the other calls to the size-check method.


was (Author: christianciach):
Do you think I can submit this patch as-is or do you have any suggestions for improvement?

> Missing size-check can lead to huge memory allocation
> -----------------------------------------------------
>
>                 Key: THRIFT-4362
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4362
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.9.3, 0.10.0
>            Reporter: Christian Ciach
>            Assignee: James E. King, III
>         Attachments: check-size.patch
>
>
> In some cases the method {{org.apache.thrift.protocol.TBinaryProtocol.readStringBody(int size)}} gets called with a "size" parameter that has not been validated by the existing method {{checkStringReadLength(int size)}}.
> This is true if the method is called by {{readMessageBegin()}} of the same class. The method {{readString()}} checks the size correctly before calling {{readStringBody(int size)}}.
> Since the methods {{readStringBody(int size)}} and {{readMessageBegin()}} are public, there may be other callers who don't check the size correctly.
> We encountered this issue in production several times. Because of this we are currently using our own patched version of libthrift-0.9.3. The patch is attached, but it is surely not the best solution, because with this patch the size may be checked twice, depending on the caller.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
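The pattern behind the report above, as an added illustration that is not Thrift's code and not the attached patch: a length-prefixed string reader where the size check sits on the method that allocates, so neither readMessageBegin() nor any external caller can reach the allocation without passing it. The class and method names deliberately mirror those named in the issue; the ByteBuffer-backed transport, the ProtocolException type, the 16 MiB limit, the simplified message header (just a name string) and the sample frames are all assumptions made for this demo.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

/**
 * Illustrative reader for length-prefixed strings. Not Thrift's code; the
 * method names mirror the ones in THRIFT-4362 so the fix pattern is easy to follow.
 */
public final class BoundedStringReader {

    /** Assumed exception type for malformed input. */
    public static final class ProtocolException extends RuntimeException {
        ProtocolException(String msg) { super(msg); }
    }

    private final ByteBuffer in;            // assumption: whole frame already in memory
    private final int stringLengthLimit;    // assumption: caller-configured cap

    public BoundedStringReader(byte[] wire, int stringLengthLimit) {
        this.in = ByteBuffer.wrap(wire);
        this.stringLengthLimit = stringLengthLimit;
    }

    public int readI32() {
        if (in.remaining() < 4) throw new ProtocolException("truncated i32");
        return in.getInt();
    }

    /** Rejects negative sizes, sizes above the limit and sizes beyond the bytes present. */
    void checkStringReadLength(int size) {
        if (size < 0)
            throw new ProtocolException("negative string length: " + size);
        if (size > stringLengthLimit)
            throw new ProtocolException("string length " + size + " exceeds limit " + stringLengthLimit);
        if (size > in.remaining())
            throw new ProtocolException("string length " + size + " exceeds available bytes " + in.remaining());
    }

    /**
     * The check runs here, immediately before the allocation, so every path that
     * ends in 'new byte[size]' is covered. A second check in readString() would
     * then be redundant, which is the duplication the comment above refers to.
     */
    public String readStringBody(int size) {
        checkStringReadLength(size);
        byte[] buf = new byte[size];
        in.get(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    public String readString() {
        return readStringBody(readI32());
    }

    /** Simplified header: the message name as a length-prefixed string (assumption). */
    public String readMessageBegin() {
        int size = readI32();
        return readStringBody(size);   // the formerly unchecked call site is now guarded
    }

    public static void main(String[] args) {
        final int limit = 16 * 1024 * 1024;

        // Constructed malformed frame: declares Integer.MAX_VALUE bytes, supplies none.
        byte[] malformed = ByteBuffer.allocate(4).putInt(Integer.MAX_VALUE).array();
        try {
            new BoundedStringReader(malformed, limit).readMessageBegin();
        } catch (ProtocolException e) {
            System.out.println("rejected before allocation: " + e.getMessage());
        }

        // Constructed well-formed frame: 5-byte name "hello".
        byte[] name = "hello".getBytes(StandardCharsets.UTF_8);
        byte[] ok = ByteBuffer.allocate(4 + name.length).putInt(name.length).put(name).array();
        System.out.println("name = " + new BoundedStringReader(ok, limit).readMessageBegin());
    }
}
```

The point of placing the guard in readStringBody(int size) rather than in each caller is that the set of callers is open: the methods are public, so a check that depends on caller discipline is only as strong as the least careful caller. With the guard on the allocating method, the remaining checks upstream become optional and can be removed, as the comment suggests.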
