Details
- Bug
- Status: Closed
- Major
- Resolution: Invalid
- 0.11.0, 0.12.0
- None
- None
- Ubuntu 16.04.3 LTS
  Open JDK version "1.8.0_191" build 25.191-b12
Description
In org.apache.thrift.transport.TSaslClientTransport,
    protected void handleSaslStartMessage() throws TTransportException, SaslException {
        .......
        LOGGER.debug("Sending mechanism name {} and initial response of length {}", mechanism,
            initialResponse.length);
        .......
    }
Sensitive information about the mechanism is leaked. The LOGGER.isDebugEnabled() conditional statement should be added:
    protected void handleSaslStartMessage() throws TTransportException, SaslException {
        .......
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Sending mechanism name {} and initial response of length {}", mechanism,
                initialResponse.length);
        .......
    }
Issue Links
- duplicates: THRIFT-4928 Sensitive information about expected and actual reading lengths (len, got) is leaked from TIOStreamTransport to TTransport through a TTransportException (Closed)
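The two forms of the debug call from the description, run side by side at two logger levels, as an added example that is not Thrift's code or part of the original report. It assumes java.util.logging as a stand-in for the SLF4J-style LOGGER in the excerpt; the class name, logger name, and the sample mechanism and response are constructed.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

// Added illustration: java.util.logging stands in for the LOGGER in the excerpt.
public class GuardedDebugDemo {
    private static final Logger LOGGER = Logger.getLogger("demo.sasl"); // hypothetical name
    private static final String FMT =
        "Sending mechanism name {0} and initial response of length {1}";
    private static final List<String> captured = new ArrayList<>();

    // Unguarded call, as in the first excerpt.
    static void unguarded(String mechanism, byte[] initialResponse) {
        LOGGER.log(Level.FINE, FMT, new Object[] {mechanism, initialResponse.length});
    }

    // Guarded call, as in the proposed change.
    static void guarded(String mechanism, byte[] initialResponse) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, FMT, new Object[] {mechanism, initialResponse.length});
        }
    }

    // Returns the lines that actually reached the handler at the given level.
    static List<String> run(Level level, boolean useGuard) {
        captured.clear();
        LOGGER.setLevel(level);
        byte[] response = new byte[16]; // constructed sample initial response
        if (useGuard) guarded("PLAIN", response); else unguarded("PLAIN", response);
        return new ArrayList<>(captured);
    }

    public static void main(String[] args) {
        LOGGER.setUseParentHandlers(false);
        LOGGER.addHandler(new Handler() { // in-memory sink instead of a log file
            @Override public void publish(LogRecord r) {
                captured.add(MessageFormat.format(r.getMessage(), r.getParameters()));
            }
            @Override public void flush() {}
            @Override public void close() {}
        });
        for (Level level : new Level[] {Level.INFO, Level.FINE}) {
            System.out.println(level + " unguarded=" + run(level, false)
                + " guarded=" + run(level, true));
        }
    }
}
```

At INFO neither form records anything, and at FINE both record the same line, so whether the mechanism name reaches a log is decided by the logger's configured level rather than by the guard.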