Jens Geyer created THRIFT-6030:
----------------------------------
Summary: Harden Erlang protocol negative sizes
Key: THRIFT-6030
URL: https://issues.apache.org/jira/browse/THRIFT-6030
Project: Thrift
Issue Type: Bug
Components: Erlang - Library
Reporter: Jens Geyer
The Erlang library does not validate negative sizes when reading Thrift
payloads.
Size values appear in binary/string fields and in map/list/set headers. Those
values must be non-negative. In {{thrift_binary_protocol.erl}}, the
{{read(map_begin)}}, {{read(list_begin)}}, and {{read(set_begin)}} clauses
return the raw signed integer size without any negative check.
Note: the existing {{Sz < 0}} guard in {{read(message_begin)}} is for protocol
version detection (old-style message framing), not size validation.
This is a protocol hardening gap compared with other runtimes such as C++,
Java, Python, Go, and c_glib, which all raise a NEGATIVE_SIZE exception.
The fix should add a negative-size check (raising a protocol error) after
reading the size in each container read clause.
See THRIFT-6025 for the equivalent Ruby fix.
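The check described above, as an added standalone example (not code from thrift_binary_protocol.erl or from the issue): it parses a Thrift binary-protocol container header from a raw binary and rejects a negative size before any element is read. The module name, function names and error tuple shapes are assumptions made for illustration.

```erlang
-module(neg_size_example).
-export([read_container_begin/2, demo/0]).

%% Binary protocol container headers:
%%   list/set: 1-byte element type, then a signed big-endian 32-bit size
%%   map:      1-byte key type, 1-byte value type, then the same 32-bit size
%% The size is decoded as signed, so the bytes FF FF FF FF arrive as -1.
%% Returning it unchecked hands a negative count to whatever loops over it.

%% Hypothetical helper: returns {ok, Header, Rest} or {error, Reason}.
read_container_begin(map_begin,
                     <<KType:8, VType:8, Sz:32/big-signed, Rest/binary>>) ->
    check_size(Sz, {map, KType, VType, Sz}, Rest);
read_container_begin(Kind, <<EType:8, Sz:32/big-signed, Rest/binary>>)
  when Kind =:= list_begin; Kind =:= set_begin ->
    check_size(Sz, {Kind, EType, Sz}, Rest);
read_container_begin(_Kind, _TooShort) ->
    {error, truncated_header}.

%% The hardening step: fail with a protocol error instead of returning Sz.
%% The tuple below is an assumed shape standing in for the NEGATIVE_SIZE
%% protocol exception that the other runtimes raise.
check_size(Sz, _Header, _Rest) when Sz < 0 ->
    {error, {protocol_error, negative_size}};
check_size(_Sz, Header, Rest) ->
    {ok, Header, Rest}.

%% Constructed sample payloads (type 8 = i32, type 11 = string).
demo() ->
    Good   = <<8, 2:32/big-signed, 0,0,0,1, 0,0,0,2>>,  % list of two i32
    BadSet = <<8, (-1):32/big-signed>>,                 % size FF FF FF FF
    BadMap = <<11, 8, (-5):32/big-signed>>,             % map with size -5
    [read_container_begin(list_begin, Good),
     read_container_begin(set_begin, BadSet),
     read_container_begin(map_begin, BadMap)].
```

Calling `neg_size_example:demo()` returns the accepted list header with its remaining payload, followed by two `{error, {protocol_error, negative_size}}` results.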