Harsh J created THRIFT-2660:
-------------------------------
Summary: Validate the bytes received in TSaslTransport
Key: THRIFT-2660
URL: https://issues.apache.org/jira/browse/THRIFT-2660
Project: Thrift
Issue Type: Bug
Components: Java - Library
Affects Versions: 0.9
Reporter: Harsh J
Attachments: THRIFT-2660.patch
In TSaslTransport#receiveSaslMessage, we are doing two things incorrectly:
- Not validating the status byte code.
- Not validating the decoded payload size integer before allocating a whole
array with it.
The latter especially is bad when a network security software sends a thrift
server port some garbage data, causing it to receive failures like:
{code}
java.lang.OutOfMemoryError: Java heap space
at
org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
at
org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
at
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
{code}
Or even,
{code}
ERROR org.apache.thrift.server.TThreadPoolServer: Error occurred during
processing of message.
java.lang.NegativeArraySizeException
at
org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
at
org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
at
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
