THRIFT-2660: Validate the bytes received in TSaslTransport

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9
    • Fix Version/s: 0.9.2
    • Component/s: Java - Library
    • Labels: None
    • Patch Info: Patch Available

    Description

      In TSaslTransport#receiveSaslMessage, we are doing two things incorrectly:

      • Not validating the status byte code.
      • Not validating the decoded payload size integer before allocating a whole array with it.

      The latter is especially bad when network security software sends some garbage data to a Thrift server port, causing it to receive failures like:

      java.lang.OutOfMemoryError: Java heap space
      	at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
      	at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
      	at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
      

      Or even,

      ERROR org.apache.thrift.server.TThreadPoolServer: Error occurred during processing of message.
      java.lang.NegativeArraySizeException
              at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
              at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
              at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
      

      Attachments

        1. THRIFT-2660.patch
          4 kB
          Harsh J
        2. THRIFT-2660.patch
          4 kB
          Harsh J
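
The two checks the description asks for, sketched as an added example (this is not the code from the attached patch). It reads the frame as one status byte followed by a 4-byte big-endian length and payload; the class name, the MAX_PAYLOAD_BYTES cap and the sample byte arrays are assumptions constructed for illustration, and the status range follows Thrift's NegotiationStatus enum.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class SaslHeaderCheck {
    // Assumed cap for this sketch; pick a limit that fits the deployment.
    static final int MAX_PAYLOAD_BYTES = 1 << 20;

    /** Reads one frame: 1 status byte, 4-byte big-endian length, payload. */
    static byte[] readFrame(DataInputStream in) throws IOException {
        int status = in.readUnsignedByte();
        // NegotiationStatus values run from 0x01 (START) to 0x05 (COMPLETE).
        if (status < 0x01 || status > 0x05) {
            throw new IOException("invalid status byte " + status);
        }
        int length = in.readInt();
        // Validate before allocating: without this check a negative value ends in
        // NegativeArraySizeException and a huge one in OutOfMemoryError.
        if (length < 0 || length > MAX_PAYLOAD_BYTES) {
            throw new IOException("invalid payload length " + length);
        }
        byte[] payload = new byte[length];
        in.readFully(payload); // EOFException if the peer sent fewer bytes
        return payload;
    }

    static String tryRead(byte[] wire) {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(wire))) {
            return "accepted, " + readFrame(in).length + " payload bytes";
        } catch (IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a well-formed START frame, a non-Thrift probe,
        // a negative length, and a length just under 2 GiB.
        byte[] valid = {0x01, 0, 0, 0, 5, 'P', 'L', 'A', 'I', 'N'};
        byte[] probe = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        byte[] negative = {0x01, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xF0};
        byte[] huge = {0x02, 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
        for (byte[] wire : new byte[][] {valid, probe, negative, huge}) {
            System.out.println(tryRead(wire));
        }
    }
}
```

Both rejections surface as an IOException, so a caller handles malformed input the same way as any other transport error.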

            People

              Assignee: Roger Meier (roger)
              Reporter: Harsh J (qwertymaniac)