[ https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Trustin Lee resolved DIRMINA-454.
---------------------------------

    Resolution: Fixed

Thank you very much for the patch and the inspiration.  The bug has been fixed. 
 I made sure OOM is not thrown anymore and the decoder continues to decode even 
after a too-long text line.  Please confirm that the bug has been fixed and close 
this issue.

One difference from no-dos.patch is that OOM is not thrown immediately.  It 
keeps discarding incoming data when the client sends a too-long line, and throws an 
OOM error when EOL (line delimiter) is encountered.  This behavior was necessary 
to make the decoder continue to work even after encountering broken data.  
ProtocolCodecFilter has also been improved to continue decoding after an 
exception is thrown.  Please refer to the svn commit log for detailed 
information.  None of these changes should affect existing applications.





> Trivial denial of service in TextLineDecoder
> --------------------------------------------
>
>                 Key: DIRMINA-454
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-454
>             Project: MINA
>          Issue Type: Bug
>          Components: Filter
>    Affects Versions: 1.0.6, 1.1.3
>            Reporter: Owen Jacobson
>            Assignee: Trustin Lee
>             Fix For: 1.1.4, 1.0.7
>
>         Attachments: no-dos.patch
>
>
> In both of TextLineDecoder's decoding methods, the decoder only checks the 
> size of input after it's found at least one line ending character.  
> Infinitely long streams of, say, 'y's will cause the decoder to try to buffer 
> up data until the JVM falls over.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
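
The behaviour discussed in this message (check the length on every byte rather than only after a delimiter, discard the rest of an over-long line, report the error at EOL, then keep decoding) is shown below as an added example. It is not MINA's TextLineDecoder or the no-dos.patch code; the class, the exception type, the '\n' delimiter and the 8-byte limit are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration, not MINA's TextLineDecoder; all names and the limit are hypothetical.
public class BoundedLineDecoder {
    static class LineTooLongException extends Exception {
        LineTooLongException(long dropped) { super("line too long, dropped " + dropped + " bytes"); }
    }
    private final int maxLineLength;   // bytes, excluding the '\n' delimiter
    private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
    private long dropped = 0;          // > 0 while an over-long line is being discarded
    BoundedLineDecoder(int maxLineLength) { this.maxLineLength = maxLineLength; }
    // Returns the next complete line, or null when more input is needed.
    String next(ByteBuffer in) throws LineTooLongException {
        while (in.hasRemaining()) {
            byte b = in.get();
            if (b == '\n') {
                String line = new String(buf.toByteArray(), StandardCharsets.UTF_8);
                long n = dropped;
                dropped = 0;
                buf.reset();
                if (n > 0) throw new LineTooLongException(n);  // reported at EOL, state already reset
                return line;
            }
            if (dropped == 0 && buf.size() < maxLineLength) {
                buf.write(b);
                continue;
            }
            // Limit hit before any delimiter: stop buffering, discard until EOL.
            dropped += buf.size() + 1L;
            buf.reset();
        }
        return null;
    }

    public static void main(String[] args) {
        BoundedLineDecoder d = new BoundedLineDecoder(8);
        // Constructed input: a normal line, 1000 'y's before any delimiter, another normal line.
        byte[] data = ("ok\n" + "y".repeat(1000) + "\nstill ok\n").getBytes(StandardCharsets.UTF_8);
        ByteBuffer in = ByteBuffer.wrap(data);
        while (in.hasRemaining()) {
            try {
                String line = d.next(in);
                if (line != null) System.out.println("line: " + line);
            } catch (LineTooLongException e) {
                System.out.println("error: " + e.getMessage());
            }
        }
    }
}
```

Because the caller's ByteBuffer position has already advanced past the bad line when the exception is thrown, the loop can simply call `next` again. Memory use stays bounded by the limit no matter how long the delimiter is withheld.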
