[
https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535018
]
Trustin Lee commented on DIRMINA-454:
-------------------------------------
Yigal Rachman wrote:
Another thing with this problem: once the buffer has exceeded the maximum line
length, the decoder stops recognizing the termination sequence, and is
therefore doomed anyway. Is there some elegant way to reject the offending
line and start over?
> Trivial denial of service in TextLineDecoder
> --------------------------------------------
>
> Key: DIRMINA-454
> URL: https://issues.apache.org/jira/browse/DIRMINA-454
> Project: MINA
> Issue Type: Bug
> Components: Filter
> Affects Versions: 1.1.2
> Reporter: Owen Jacobson
> Attachments: no-dos.patch
>
>
> In both of TextLineDecoder's decoding methods, the decoder only checks the
> size of input after it's found at least one line ending character.
> Infinitely long streams of, say, 'y's will cause the decoder to try to buffer
> up data until the JVM falls over.
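The following is an added example, not MINA's code and not the attached no-dos.patch. It is a self-contained sketch of a line decoder that enforces the maximum length on every byte, before any line ending is seen, and that discards an oversized line and resynchronizes at the next delimiter, as asked about in the comment. The class name `BoundedLineDecoder`, the 8-byte limit and the `\n`-only delimiter are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical bounded line decoder (added example, not MINA's TextLineDecoder). */
public class BoundedLineDecoder {
    private final int maxLineLength;
    private final ByteArrayOutputStream pending = new ByteArrayOutputStream();
    private boolean discarding; // true while skipping the rest of an oversized line
    private int rejected;       // oversized lines dropped so far

    public BoundedLineDecoder(int maxLineLength) { this.maxLineLength = maxLineLength; }

    /** Feeds one chunk of input and returns the complete lines it finished. */
    public List<String> decode(byte[] chunk) {
        List<String> lines = new ArrayList<>();
        for (byte b : chunk) {
            if (b == '\n') {
                // Delimiter: emit the line, or leave discard mode and resynchronize.
                if (!discarding) {
                    lines.add(new String(pending.toByteArray(), StandardCharsets.UTF_8));
                }
                discarding = false;
                pending.reset();
            } else if (!discarding && pending.size() >= maxLineLength) {
                // Limit is checked on every byte, before any delimiter is seen.
                pending.reset();
                discarding = true;
                rejected++;
            } else if (!discarding) {
                pending.write(b);
            }
        }
        return lines;
    }

    public static void main(String[] args) {
        BoundedLineDecoder d = new BoundedLineDecoder(8);
        byte[] flood = new byte[100_000]; // constructed input: 'y' bytes, no line ending
        Arrays.fill(flood, (byte) 'y');
        System.out.println(d.decode("ok\n".getBytes(StandardCharsets.UTF_8)));
        System.out.println(d.decode(flood) + " buffered=" + d.pending.size());
        System.out.println(d.decode("yy\nhi\n".getBytes(StandardCharsets.UTF_8)));
        System.out.println("rejected=" + d.rejected);
    }
}
```

The buffer never holds more than `maxLineLength` bytes regardless of how much delimiter-free input arrives, and the first well-formed line after the flood is decoded normally.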