[ https://issues.apache.org/jira/browse/WW-4146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045861#comment-14045861 ]
Hudson commented on WW-4146:
----------------------------

SUCCESS: Integrated in Struts-JDK6-features #65 (See [https://builds.apache.org/job/Struts-JDK6-features/65/])
WW-4146 Caches only valid Ognl expressions to avoid cache attack (lukaszlenart: rev 86813c1a7214bc002a5d7ce9981a9ef333e27142)
* xwork-core/src/main/java/com/opensymphony/xwork2/ognl/accessor/CompoundRootAccessor.java
* xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
WW-4146 caches only valid OGNL expressions, closes #12 (lukaszlenart: rev 63de7730ee2be146e90227ed067ed108f4a2a534)
* xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java

> cache attack at OgnlUtil.expressions
> -------------------------------------
>
>                 Key: WW-4146
>                 URL: https://issues.apache.org/jira/browse/WW-4146
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Expression Language
>    Affects Versions: 2.3.15.1
>            Reporter: bruce liu
>            Assignee: Lukasz Lenart
>             Fix For: 2.3.18
>
>         Attachments: WW-4146.patch
>
>
> In class com.opensymphony.xwork2.ognl.OgnlUtil, code:
> {code:java}
> tree = expressions.get(expression);
> if (tree == null) {
>     tree = Ognl.parseExpression(expression);
>     expressions.putIfAbsent(expression, tree);
> }
> {code}
> Every parameter in the request is cached in the field expressions, which is an
> instance of ConcurrentMap<String, Object>, using parameterName as key. So I
> construct a huge number of different parameters that have different names (like
> "abc[123], abc[124]"); they are all cached in expressions, which causes an
> OutOfMemoryError and makes the map act like a list.
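
The caching pattern quoted in the report, set beside a size-bounded cache, as an added example that is not part of the original message or of the Struts code base. `parse` is a hypothetical stand-in for `Ognl.parseExpression`, and `MAX_ENTRIES` with LRU eviction is an assumed mitigation that differs from the committed fix, which the message describes only as caching valid expressions.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

public class ExpressionCacheDemo {
    // Hypothetical stand-in for Ognl.parseExpression(); returns a dummy parse tree.
    static Object parse(String expression) {
        return new Object[] { expression };
    }

    // Pattern from the report: every distinct expression string is retained forever.
    static final ConcurrentMap<String, Object> unbounded = new ConcurrentHashMap<String, Object>();

    static Object compileUnbounded(String expression) {
        Object tree = unbounded.get(expression);
        if (tree == null) {
            tree = parse(expression);
            unbounded.putIfAbsent(expression, tree);
        }
        return tree;
    }

    // Assumed mitigation (not the Struts patch): LRU cache with a hard entry cap.
    static final int MAX_ENTRIES = 1000; // constructed limit for this demo
    static final Map<String, Object> bounded = Collections.synchronizedMap(
        new LinkedHashMap<String, Object>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Object> eldest) {
                return size() > MAX_ENTRIES; // evict least recently used entry
            }
        });

    static Object compileBounded(String expression) {
        Object tree = bounded.get(expression);
        if (tree == null) {
            tree = parse(expression);
            bounded.put(expression, tree);
        }
        return tree;
    }

    public static void main(String[] args) {
        // Constructed input: distinct parameter names of the kind the report describes.
        for (int i = 0; i < 100000; i++) {
            String name = "abc[" + i + "]";
            compileUnbounded(name);
            compileBounded(name);
        }
        System.out.println("unbounded=" + unbounded.size() + " bounded=" + bounded.size());
    }
}
```

The unbounded map ends with one entry per distinct name it was given, while the bounded map never holds more than `MAX_ENTRIES` entries regardless of how many names arrive.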