[jira] [Comment Edited] (AVRO-1610) HttpTransceiver.java allocates arbitrary amount of memory

[Clement Pellerin (JIRA)]

    [ 
https://issues.apache.org/jira/browse/AVRO-1610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15456561#comment-15456561
 ] 

Clement Pellerin edited comment on AVRO-1610 at 9/1/16 8:47 PM:
----------------------------------------------------------------

It looks like I don't have permissions to attach files. That option is not 
under the More button.
I tried embedding it in a comment but the wiki mangles the lines.
How do you want me to submit a patch? I don't use git.


was (Author: clement_pelle...@ibi.com):
It looks like I don't have permissions to attach files. That option is not 
under the More button.
Here is the patch.

*** HttpTransceiver.java        2016-09-01 16:12:05.371015400 -0400
--- 
C:\temp\avro-src-1.8.1\lang\java\ipc\src\main\java\org\apache\avro\ipc\HttpTransceiver.java
 2016-05-14 20:38:52.000000000 -0400
***************
*** 96,110 ****
      throws IOException {
      List<ByteBuffer> buffers = new ArrayList<ByteBuffer>();
      while (true) {
!       int b0 = in.read();
!       int b1 = in.read();
!       int b2 = in.read();
!       int b3 = in.read();
!       if (b0 < 0 || b1 < 0 || b2 < 0 || b3 < 0) {
!         // missing terminating zero-length buffer
!         throw new EOFException("Unexpected EOF");
!       }
!       int length = (b0<<24)+(b1<<16)+(b2<<8)+b3;
        if (length == 0) {                       // end of buffers
          return buffers;
        }
--- 96,102 ----
      throws IOException {
      List<ByteBuffer> buffers = new ArrayList<ByteBuffer>();
      while (true) {
!       int length = (in.read()<<24)+(in.read()<<16)+(in.read()<<8)+in.read();
        if (length == 0) {                       // end of buffers
          return buffers;
        }



> HttpTransceiver.java allocates arbitrary amount of memory
> ---------------------------------------------------------
>
>                 Key: AVRO-1610
>                 URL: https://issues.apache.org/jira/browse/AVRO-1610
>             Project: Avro
>          Issue Type: Bug
>          Components: java
>    Affects Versions: 1.7.7
>            Reporter: Philip Zeyliger
>
> In {{HttpTransceiver.java}}, Avro does:
> {code}
>       int length = (in.read()<<24)+(in.read()<<16)+(in.read()<<8)+in.read();
>       if (length == 0) {                       // end of buffers
>         return buffers;
>       }
>       ByteBuffer buffer = ByteBuffer.allocate(length);
> {code}
> This means that badly formatted input (like that produced by {{curl 
> http://host/ --data foo}} and many common security scanners) will trigger an 
> OutOfMemory exception.  This is undesirable, especially combined with setups 
> that kill the process on out of memory exceptions.
> This bug is similar in spirit to AVRO-1111.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)