[
https://issues.apache.org/jira/browse/THRIFT-6025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmytro Shteflyuk updated THRIFT-6025:
-------------------------------------
Component/s: Ruby - Library
> Ruby client must validate container sizes
> -----------------------------------------
>
> Key: THRIFT-6025
> URL: https://issues.apache.org/jira/browse/THRIFT-6025
> Project: Thrift
> Issue Type: Bug
> Components: Ruby - Library
> Reporter: Dmytro Shteflyuk
> Assignee: Dmytro Shteflyuk
> Priority: Major
>
> The Ruby library accepts negative size values in protocol and transport read
> paths.
> In Thrift protocols, strings, binary fields, maps, lists, and sets include a
> size value on the wire. If that size is negative, the runtime should reject
> the message immediately as invalid input. Ruby was not doing that
> consistently.
> This affects both the pure Ruby implementation and the native C extension
> paths. A malformed or hostile payload can declare a negative size and reach
> code paths that were written assuming sizes are non-negative.
> h2. Scope
> Harden Ruby protocol and transport reads so negative sizes are rejected
> consistently for:
> * binary/string payload sizes
> * map sizes
> * list sizes
> * set sizes
> * transport read_all sizes
> * generated struct/union container reads
> * native accelerated Ruby paths
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
