Author: trustin
Date: Mon Oct 15 23:21:30 2007
New Revision: 585053
URL: http://svn.apache.org/viewvc?rev=585053&view=rev
Log:
Fixed issue: DIRMINA-454 (Trivial denial of service in TextLineDecoder)
* Applied Owen Jacobson's patch
Modified:
mina/branches/1.0/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
mina/branches/1.1/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
mina/trunk/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
Modified:
mina/branches/1.0/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
URL:
http://svn.apache.org/viewvc/mina/branches/1.0/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java?rev=585053&r1=585052&r2=585053&view=diff
==============================================================================
---
mina/branches/1.0/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
(original)
+++
mina/branches/1.0/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
Mon Oct 15 23:21:30 2007
@@ -170,11 +170,7 @@
in.limit(pos);
in.position(oldPos);
- buf.put(in);
- if (buf.position() > maxLineLength) {
- throw new BufferDataException("Line is too long: "
- + buf.position());
- }
+ appendToOutput (in, buf);
buf.flip();
buf.limit(buf.limit() - matchCount);
out.write(buf.getString(decoder));
@@ -189,7 +185,7 @@
// Put remainder to buf.
in.position(oldPos);
- buf.put(in);
+ appendToOutput (in, buf);
return matchCount;
}
@@ -218,11 +214,7 @@
in.limit(pos);
in.position(oldPos);
- buf.put(in);
- if (buf.position() > maxLineLength) {
- throw new BufferDataException("Line is too long: "
- + buf.position());
- }
+ appendToOutput (in, buf);
buf.flip();
buf.limit(buf.limit() - matchCount);
out.write(buf.getString(decoder));
@@ -240,9 +232,17 @@
// Put remainder to buf.
in.position(oldPos);
- buf.put(in);
+ appendToOutput (in, buf);
return matchCount;
+ }
+
+ private void appendToOutput (ByteBuffer in, ByteBuffer buf) {
+ buf.put(in);
+ if (buf.position() > maxLineLength) {
+ throw new BufferDataException("Line is too long: "
+ + buf.position());
+ }
}
private class Context {
Modified:
mina/branches/1.1/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
URL:
http://svn.apache.org/viewvc/mina/branches/1.1/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java?rev=585053&r1=585052&r2=585053&view=diff
==============================================================================
---
mina/branches/1.1/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
(original)
+++
mina/branches/1.1/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
Mon Oct 15 23:21:30 2007
@@ -168,11 +168,7 @@
in.limit(pos);
in.position(oldPos);
- buf.put(in);
- if (buf.position() > maxLineLength) {
- throw new BufferDataException("Line is too long: "
- + buf.position());
- }
+ appendToOutput (in, buf);
buf.flip();
buf.limit(buf.limit() - matchCount);
out.write(buf.getString(decoder));
@@ -187,7 +183,7 @@
// Put remainder to buf.
in.position(oldPos);
- buf.put(in);
+ appendToOutput (in, buf);
return matchCount;
}
@@ -216,11 +212,7 @@
in.limit(pos);
in.position(oldPos);
- buf.put(in);
- if (buf.position() > maxLineLength) {
- throw new BufferDataException("Line is too long: "
- + buf.position());
- }
+ appendToOutput (in, buf);
buf.flip();
buf.limit(buf.limit() - matchCount);
out.write(buf.getString(decoder));
@@ -238,9 +230,17 @@
// Put remainder to buf.
in.position(oldPos);
- buf.put(in);
+ appendToOutput (in, buf);
return matchCount;
+ }
+
+ private void appendToOutput (ByteBuffer in, ByteBuffer buf) {
+ buf.put(in);
+ if (buf.position() > maxLineLength) {
+ throw new BufferDataException("Line is too long: "
+ + buf.position());
+ }
}
private class Context {
Modified:
mina/trunk/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
URL:
http://svn.apache.org/viewvc/mina/trunk/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java?rev=585053&r1=585052&r2=585053&view=diff
==============================================================================
---
mina/trunk/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
(original)
+++
mina/trunk/core/src/main/java/org/apache/mina/filter/codec/textline/TextLineDecoder.java
Mon Oct 15 23:21:30 2007
@@ -168,11 +168,7 @@
in.limit(pos);
in.position(oldPos);
- buf.put(in);
- if (buf.position() > maxLineLength) {
- throw new BufferDataException("Line is too long: "
- + buf.position());
- }
+ appendToOutput (in, buf);
buf.flip();
buf.limit(buf.limit() - matchCount);
out.write(buf.getString(decoder));
@@ -187,7 +183,7 @@
// Put remainder to buf.
in.position(oldPos);
- buf.put(in);
+ appendToOutput (in, buf);
return matchCount;
}
@@ -216,11 +212,7 @@
in.limit(pos);
in.position(oldPos);
- buf.put(in);
- if (buf.position() > maxLineLength) {
- throw new BufferDataException("Line is too long: "
- + buf.position());
- }
+ appendToOutput (in, buf);
buf.flip();
buf.limit(buf.limit() - matchCount);
out.write(buf.getString(decoder));
@@ -238,9 +230,17 @@
// Put remainder to buf.
in.position(oldPos);
- buf.put(in);
+ appendToOutput (in, buf);
return matchCount;
+ }
+
+ private void appendToOutput (ByteBuffer in, ByteBuffer buf) {
+ buf.put(in);
+ if (buf.position() > maxLineLength) {
+ throw new BufferDataException("Line is too long: "
+ + buf.position());
+ }
}
private class Context {
