[
https://issues.apache.org/jira/browse/THRIFT-4922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jens Geyer reopened THRIFT-4922:
--------------------------------
Assignee: Jens Geyer
> Sensitive information is leaked from TTransport through a TTransportException
> -----------------------------------------------------------------------------
>
> Key: THRIFT-4922
> URL: https://issues.apache.org/jira/browse/THRIFT-4922
> Project: Thrift
> Issue Type: Bug
> Components: Java - Library
> Affects Versions: 0.11.0, 0.12.0
> Environment: Ubuntu 16.04.3 LTS
> Open JDK version "1.8.0_191" build 25.191-b12
> Reporter: xiaoqin.fu
> Assignee: Jens Geyer
> Priority: Major
>
> In org.apache.thrift.transport.TTransport,
> public int readAll(byte[] buf, int off, int len)
> throws TTransportException {
> int got = 0;
> int ret = 0;
> while (got < len) {
> ret = read(buf, off+got, len-got);
> if (ret <= 0) {
> throw new TTransportException(
> "Cannot read. Remote side has closed. Tried to read "
> + len
> + " bytes, but only got "
> + got
> + " bytes. (This is often indicative of an internal
> error on the server side. Please check your server logs.)");
> }
> got += ret;
> }
> return got;
> }
>
> Sensitive information about expected and actual reading lengths (len, got) is
> leaked.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
