Details
- Bug
- Status: Closed
- Major
- Resolution: Invalid
- 0.11.0, 0.12.0
- None
- None
Ubuntu 16.04.3 LTS
Open JDK version "1.8.0_191" build 25.191-b12
Description
Operations: During Apache Thrift integration testing, I developed a calculator application with a client and a server. The client sent a computational command and got the result from the server. After I applied a dynamic taint analyzer (distTaint), I finally found bugs from the taint paths.
The source: org.apache.thrift.transport.TIOStreamTransport:
    public int read(byte[] buf, int off, int len) throws TTransportException {
        if (inputStream_ == null)
        int bytesRead;
        ......
        bytesRead = inputStream_.read(buf, off, len);
        ......
    }
The sink: org.apache.thrift.transport.TTransport:
    public int readAll(byte[] buf, int off, int len)
            throws TTransportException {
        ......
        if (ret <= 0)
        ......
    }
Sensitive information about expected and actual reading lengths (len, got) is leaked.
The tainted path:
org.apache.thrift.transport.TIOStreamTransport -->
org.apache.thrift.transport.TTransport
I am going to submit a CVE, so please confirm this is not a true positive.
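Added example, not part of the original report and not Thrift's own code: a simplified Java model of the reported source-to-sink path, used to check which values actually reach the exception message on a short read. The class name, the message wording and the sample bytes are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

// Simplified model of the reported path; names and message text are hypothetical, not Thrift's code.
public class ReadAllTaintModel {
    // Source: bytes enter from the stream (stands in for TIOStreamTransport.read).
    static int read(InputStream in, byte[] buf, int off, int len) throws IOException {
        return in.read(buf, off, len);
    }

    // Sink: loop until len bytes arrive; on a short read, report len and got.
    static int readAll(InputStream in, byte[] buf, int off, int len) throws IOException {
        int got = 0;
        while (got < len) {
            int ret = read(in, buf, off + got, len - got);
            if (ret <= 0) {
                throw new IOException("Tried to read " + len + " bytes, but only got " + got + " bytes.");
            }
            got += ret;
        }
        return got;
    }

    // Triage check: does any run of minRun received payload bytes appear in the message text?
    static boolean messageContainsPayload(String message, byte[] buf, int got, int minRun) {
        String payload = new String(buf, 0, got, StandardCharsets.ISO_8859_1);
        for (int i = 0; i + minRun <= payload.length(); i++) {
            if (message.contains(payload.substring(i, i + minRun))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        byte[] wire = "secret-token-1234".getBytes(StandardCharsets.ISO_8859_1); // constructed sample input
        byte[] buf = new byte[64];
        try {
            readAll(new ByteArrayInputStream(wire), buf, 0, 32); // peer sends 17 bytes, caller expects 32
        } catch (IOException e) {
            System.out.println("message: " + e.getMessage());
            System.out.println("payload bytes in message: "
                    + messageContainsPayload(e.getMessage(), buf, wire.length, 4));
        }
    }
}
```

In this model the tainted buffer contents stay in `buf`; only the two integer lengths are formatted into the message, which is the distinction to verify when triaging a taint-analysis finding of this kind.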
Issue Links
- is duplicated by
  - THRIFT-4922 Sensitive information is leaked from TTransport through a TTransportException (Closed)
  - THRIFT-4923 An information leakage from TIOStreamTransport (Closed)
  - THRIFT-4924 An information leakage from TSocket (Closed)
  - THRIFT-4925 An information leakage from TSaslClientTransport (Closed)
  - THRIFT-4926 An information leakage from TSaslTransport (Closed)
  - THRIFT-4929 Sensitive information about socket input stream or output stream is leaked from TIOStreamTransport (Closed)
  - THRIFT-4930 An information leakage about socket input stream or output stream from TIOStreamTransport to TSocket (Closed)