[GitHub] thrift pull request #1352: THRIFT-4326 Allow safer reuse of BufferedTranspor...

Sat, 09 Sep 2017 21:33:18 -0700 

GitHub user benweint opened a pull request:

    https://github.com/apache/thrift/pull/1352

    THRIFT-4326 Allow safer reuse of BufferedTransport instances in Ruby

    Addresses [THRIFT-4326](https://issues.apache.org/jira/browse/THRIFT-4326).
    
    ## The problem
    
    In the case where a single `Thrift::BufferedTransport` instance is re-used 
across multiple service calls, certain kinds of malformed responses from one 
service call can 'leak' into subsequent calls and cause them to fail with a 
`Thrift::ProtocolException`.
    
    The most easily reproducible example is when a service returns a 
well-formed Thrift response for the first service call, but with N extra bytes 
of garbage tacked onto the end.
    
    In such a case, the initial service call will be handled just fine (at 
least when using the compact protocol), however, the next N service calls that 
go through the same `Thrift::BufferedTransport` instance will fail with a 
`Thrift::ProtocolException`. This happens because the `BufferedTransport` 
doesn't re-set the `@rbuf` instance variable until the read buffer is fully 
exhausted, so each of the N subsequent service calls will attempt to read one 
byte identifying the protocol from the remaining buffer, and will get some 
bogus value from the garbage bytes at the end of the response from the initial 
service call.
    
    This can also happen if reading from `@rbuf` is interrupted part-way 
through, while `@index` is still pointing to the middle of the read buffer 
(e.g. due to a Ruby timeout exception).
    
    ## Proposed solution
    
    Re-setting the `@rbuf` instance variable to an empty byte buffer upon every 
call to `#flush` addresses this problem, and is conceptually similar to what 
happens in `HttpClientTransport#flush` (where `@inbuf` and `@outbuf` are both 
always reset).

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/benweint/thrift THRIFT-4326

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1352.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1352
    
----
commit 79936408af223c5df3fe8a52ec65873ccc32a255
Author: Ben Weintraub <[email protected]>
Date:   2017-09-10T04:17:42Z

    THRIFT-4326 Ensure rbuf in BufferedTransport reset upon flush to allow reuse

----


---

Reply via email to