Re: [jira] Commented: (DIRMINA-454) Trivial denial of service in TextLineDecoder

[Yigal Rachman]

Hi, Folks: Another thing with this problem:  once the buffer has exceeded the maximum line length, the decoder stops recognizing the termination sequence, and is therefore doomed anyway.  Is there some elegant way to reject the offending line and start over? Yigal Rachman Owen Jacobson (JIRA) wrote: [ https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532828 ] Owen Jacobson commented on DIRMINA-454: --------------------------------------- Patch applies to the current 1.1.3 tag, incidentally. Trivial denial of service in TextLineDecoder -------------------------------------------- Key: DIRMINA-454 URL: https://issues.apache.org/jira/browse/DIRMINA-454 Project: MINA Issue Type: Bug Components: Filter Affects Versions: 1.1.2 Reporter: Owen Jacobson Attachments: no-dos.patch In both of TextLineDecoder's decoding methods, the decoder only checks the size of input after it's found at least one line ending character. Infinitely long streams of, say, 'y's will cause the decoder to try to buffer up data until the JVM falls over.