[
https://issues.apache.org/struts/browse/WW-2030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Vettori updated WW-2030:
-------------------------------
Attachment: translateVariable.txt
Please see translateVariable.txt
This seems to work.
Don't know if it breaks anything :)
It needs to be integrated with logging and maxLoopCount parameter handling.
If maxLoopCount is set to 1 the infinite loop DoS is prevented AND expression
evaluation is prevented. This is the default if the "old" method is called.
If maxLoopCount>1 expression evaluation is on for maxLoopCount levels but the
DoS is prevented.
Now we need to call the correct method IF we want the recoursive evaluation
(i.e. when the value is specified in the jsp source code). We should be able to
specify the maxLoopCount in a configuration parameter.
> DOS (continuos memory eating on an infinte loop) on form fields
> ---------------------------------------------------------------
>
> Key: WW-2030
> URL: https://issues.apache.org/struts/browse/WW-2030
> Project: Struts 2
> Issue Type: Bug
> Components: Value Stack
> Affects Versions: 2.0.8
> Reporter: Andrea Vettori
> Priority: Critical
> Attachments: Struts.diff, Struts2.diff, translateVariable.txt,
> xwork.diff, xwork2.diff
>
>
> On a form with
> <s:textfield name="xxx">
> if the user enters %{xxx} as the value then
> com/opensymphony/xwork2/util/TextParseUtil.translateVariables enters an
> infinite loop eating about 1GB of ram in one second on my server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
