Jens Geyer created THRIFT-6036:
----------------------------------
Summary: Harden JavaME protocol negative sizes
Key: THRIFT-6036
URL: https://issues.apache.org/jira/browse/THRIFT-6036
Project: Thrift
Issue Type: Bug
Components: JavaME - Library
Reporter: Jens Geyer
The JavaME library does not validate negative sizes when reading Thrift
payloads.
Size values appear in binary/string fields and in map/list/set headers. Those
values must be non-negative. Unlike the standard Java library
(org.apache.thrift), the JavaME TBinaryProtocol does not include negative-size
checks in readMapBegin, readListBegin, readSetBegin, readString/readStringBody,
or readBinary.
Note: the existing size < 0 check in readMessageBegin is for protocol version
detection (old-style message framing), not size validation.
This is a protocol hardening gap. The standard Java binding raises a
TProtocolException with type NEGATIVE_SIZE; the JavaME binding should be
brought to parity.
The fix should add the same negative-size validation as TBinaryProtocol.java to
all container and string/binary read paths in the JavaME variant.
See THRIFT-6025 for the equivalent Ruby fix.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
