Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Invalid
-
0.11.0, 0.12.0
-
None
-
None
-
Ubuntu 16.04.3 LTS
Open JDK version "1.8.0_191" build 25.191-b12
Description
In org.apache.thrift.transport.TTransport,
public int readAll(byte[] buf, int off, int len)
throws TTransportException {
int got = 0;
int ret = 0;
while (got < len) {
ret = read(buf, off+got, len-got);
if (ret <= 0)
got += ret;
}
return got;
}
Sensitive information about expected and actual reading lengths (len, got) is leaked.
Attachments
Issue Links
- duplicates
-
THRIFT-4928 Sensitive information about expected and actual reading lengths (len, got) is leaked from TIOStreamTransport to TTransport through a TTransportException
- Closed