Log Message: |
THRIFT-1643: Denial of Service attack in TBinaryProtocol.readString
Client: java
Patch: Niraj Tolia
In readString, if the string field's size is greater than the number of bytes remaining in the byte array to deserialize, libthrift will happily allocate a byte array of that size in readStringBody, filling the heap.
|
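The allocation pattern described in the log message, next to a bounds-checked form, as an added example that is not libthrift code and not the patch itself. The class name, method names and sample inputs are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration; not libthrift code. Class and method names are hypothetical.
public class LengthCheckDemo {

    // Pattern described in the log message: the declared size is trusted
    // and the array is allocated before any bytes are known to exist.
    static String readStringUnchecked(ByteBuffer in) {
        int size = in.getInt();          // peer-controlled 4-byte length
        byte[] buf = new byte[size];     // allocation sized by the peer
        in.get(buf);                     // fails only after the allocation
        return new String(buf, StandardCharsets.UTF_8);
    }

    // Hardened form: validate the declared size against what is left in
    // the buffer (and reject negatives) before allocating anything.
    static String readStringChecked(ByteBuffer in) {
        if (in.remaining() < 4) {
            throw new IllegalArgumentException("truncated length field");
        }
        int size = in.getInt();
        if (size < 0 || size > in.remaining()) {
            throw new IllegalArgumentException(
                "declared size " + size + " exceeds " + in.remaining() + " remaining bytes");
        }
        byte[] buf = new byte[size];
        in.get(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a well-formed field and a 7-byte
        // message whose length field claims 1 GiB.
        ByteBuffer good = ByteBuffer.allocate(9).putInt(5)
            .put("hello".getBytes(StandardCharsets.UTF_8));
        good.flip();
        System.out.println(readStringChecked(good));

        ByteBuffer bad = ByteBuffer.allocate(7).putInt(1 << 30).put(new byte[3]);
        bad.flip();
        try {
            readStringChecked(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check is only possible when the reader knows how many bytes remain, as with an in-memory byte array; for a streaming transport a configured maximum string length plays the same role.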