Curd Reinert created SSHD-794:
---------------------------------
Summary: AbstractChannel.handleWindowAdjust(...) / Window.expand()
don't check for integer overflow
Key: SSHD-794
URL: https://issues.apache.org/jira/browse/SSHD-794
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 0.14.0
Environment: Any.
Reporter: Curd Reinert
In AbstractChannel.handleWindowAdjust(Buffer), the window size is read from the
buffer and passed to the window. In Window.expand(int), the window is added to
the current size. If the current size is > 0 and the maximum allowed window
adjustment (2^31 -1) is passed, size will become negative. This causes a loop
when trying to read from / write to this channel which cosumes one processor
core.
The resulting size should be checked to be > 0.
I see that this has been done for the 1.x release. Any chance that this can be
fixed in 0.15?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
