You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2018/01/12 14:41:00 UTC
[jira] [Resolved] (SSHD-794)
AbstractChannel.handleWindowAdjust(...) / Window.expand() don't check for
integer overflow
[ https://issues.apache.org/jira/browse/SSHD-794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Goldstein Lyor resolved SSHD-794.
---------------------------------
Resolution: Duplicate
Fix Version/s: 1.4.0
0.14.0 is a very (very) old version which we no longer support. As you have mentioned, the current version (1.6.0) and the soon to be released (1.7) do not have this issue (a.k.a. SSHD-701). Please use them - we do not have a policy of backpatching old versions due to lack of manpower (not to mention the version hell it entails). However, if you absolutely MUST use 0.14.0, you can clone the code and patch it according to the fix in the official release...
> AbstractChannel.handleWindowAdjust(...) / Window.expand() don't check for integer overflow
> ------------------------------------------------------------------------------------------
>
> Key: SSHD-794
> URL: https://issues.apache.org/jira/browse/SSHD-794
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.14.0
> Environment: Any.
> Reporter: Curd Reinert
> Fix For: 1.4.0
>
>
> In AbstractChannel.handleWindowAdjust(Buffer), the window size is read from the buffer and passed to the window. In Window.expand(int), the window is added to the current size. If the current size is > 0 and the maximum allowed window adjustment (2^31 -1) is passed, size will become negative. This causes a loop when trying to read from / write to this channel which cosumes one processor core.
> The resulting size should be checked to be > 0.
> I see that this has been done for the 1.x release. Any chance that this can be fixed in 0.15?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)