You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "xiaoqin.fu (JIRA)" <ji...@apache.org> on 2019/08/13 05:34:00 UTC
[jira] [Created] (THRIFT-4924) An information leakage from TSocket
xiaoqin.fu created THRIFT-4924:
----------------------------------
Summary: An information leakage from TSocket
Key: THRIFT-4924
URL: https://issues.apache.org/jira/browse/THRIFT-4924
Project: Thrift
Issue Type: Bug
Components: Java - Library
Affects Versions: 0.12.0, 0.11.0
Environment: Ubuntu 16.04.3 LTS
Open JDK version "1.8.0_191" build 25.191-b12
Reporter: xiaoqin.fu
In org.apache.thrift.transport.TSocket,
public void close() {
......
if (socket_ != null) {
try {
socket_.close();
} catch (IOException iox) {
LOGGER.warn("Could not close socket.", iox);
}
socket_ = null;
}
}
Sensitive information about socket input stream or output stream may be leaked.
The LOGGER.isWarnEnabled() conditional statement should be added to the method close() and others such as TSocket(Socket socket) and setTimeout(int timeout):
public void close() {
......
if (socket_ != null) {
try {
socket_.close();
} catch (IOException iox) {
if (LOGGER.isWarnEnabled())
LOGGER.warn("Could not close socket.", iox);
}
socket_ = null;
}
}
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)