]
Galder Zamarreño updated ISPN-1225:
-----------------------------------
Fix Version/s: 5.0.0.FINAL
check the length of vint/vlong values in hotrod protocol
--------------------------------------------------------
Key: ISPN-1225
URL:
https://issues.jboss.org/browse/ISPN-1225
Project: Infinispan
Issue Type: Bug
Components: Cache Server
Affects Versions: 5.0.0.CR7
Reporter: Michal Linhard
Assignee: Galder Zamarreño
Fix For: 5.0.0.FINAL
Currently no check is done on the length of the VInt/VLong values that are transmitted in
messages of Hot Rod protocol.
(the next byte is read until its MSB is 0)
We could limit the length of the VInt value to 5 bytes and VLong to 9 bytes and throw an
exception like "stream corrupted" if the limit is exceeded, for the purposes of
input data validation ...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: