[THRIFT-4024] Skip() should throw on unknown data types - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.10.0
Fix Version/s: 0.13.0
Component/s: C# - Library, Delphi - Library, Go - Library, Haxe - Library, netcore - Library
Labels:
None

Description

I'm using TBinaryProtocol and a simple transport that reads from a given byte array.

C# library contains the following code in TProtocolUtil.Skip(TProtocol prot, TType type):

case TType.List:
	TList list = prot.ReadListBegin();
	for (int i = 0; i < list.Count; i++) {
		Skip(prot, list.ElementType);
	}
	prot.ReadListEnd();
	break;

The type of elements is detected in ReadListBegin(), and, as Skip() does nothing for unknown types, the position in the binary remains the same until the for loop completes.

So, when you try to deserialize invalid data, and a field type happens to be detected as TType.List, you may end up waiting for a random period of time until deserialization is completed (734707176 iterations of skipping in my case).

I suggest throwing an exception immediately when list elements type is unknown. May be, it would be good to have a setting like FailOnUnknownType, so that Skip() will throw instead of ignoring.

Attachments

Issue Links

Dependency

THRIFT-4783 Thrift should throw when skipping over unexpected data

Closed

incorporates

THRIFT-4784 Thrift should throw when skipping over unexpected data

Closed

is duplicated by

THRIFT-4997 Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift:

Resolved

is related to

THRIFT-5075 Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version

Resolved

links to

GitHub Pull Request #1155

GitHub Pull Request #1503

GitHub Pull Request #1742

(2 links to)

Sub-Tasks

1.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
2.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
3.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
4.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
5.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
6.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
7.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
8.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
9.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
10.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Resolved	Unassigned
11.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III
12.	Skip() should throw TProtocolException.INVALID_DATA on unknown data types	Closed	James E. King III

Activity

People

Assignee:: James E. King III

Reporter:: Michael Antipin

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 10/Jan/17 11:35

Updated:: 25/Jan/20 08:56

Resolved:: 17/Feb/19 17:08

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m

Include sub-tasks