Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-4924

An information leakage from TSocket

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 0.11.0, 0.12.0
    • Fix Version/s: None
    • Component/s: Java - Library
    • Labels:
      None
    • Environment:

      Ubuntu 16.04.3 LTS
      Open JDK version "1.8.0_191" build 25.191-b12

      Description

      In org.apache.thrift.transport.TSocket,
      public void close() {
      ......
      if (socket_ != null) {
      try

      { socket_.close(); }

      catch (IOException iox)

      { LOGGER.warn("Could not close socket.", iox); }

      socket_ = null;
      }
      }
      Sensitive information about socket input stream or output stream may be leaked.
      The LOGGER.isWarnEnabled() conditional statement should be added to the method close() and others such as TSocket(Socket socket) and setTimeout(int timeout):
      public void close() {
      ......
      if (socket_ != null) {
      try

      { socket_.close(); }

      catch (IOException iox)

      { if (LOGGER.isWarnEnabled()) LOGGER.warn("Could not close socket.", iox); }

      socket_ = null;
      }
      }

        Attachments

          Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. THRIFT-4928 Sensitive information about expected and actual reading lengths (len, got) is leaked from TIOStreamTransport to TTransport through a TTransportException

          • Major - Major loss of function.
          • Closed

            Activity

              People

              • Assignee:
                jensg Jens Geyer
                Reporter:
                xiaoqin.fu xiaoqin.fu
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: