Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-4506

[CVE-2018-1320] Remove assertion in Java SASL code that would be ignored in release builds

    Details

      Description

      There is an assertion in the SASL transport for Java that will only be processed in debug builds, at https://github.com/apache/thrift/blob/master/lib/java/src/org/apache/thrift/transport/TSaslTransport.java#L298. The preceeding while loop can be changed to guarantee this assertion in all builds.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1320

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jking3 James E. King III
                Reporter:
                jking3 James E. King III
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: