You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Curd Reinert (JIRA)" <ji...@apache.org> on 2018/01/12 13:09:00 UTC
[jira] [Created] (SSHD-794) AbstractChannel.handleWindowAdjust(...)
/ Window.expand() don't check for integer overflow
Curd Reinert created SSHD-794:
---------------------------------
Summary: AbstractChannel.handleWindowAdjust(...) / Window.expand() don't check for integer overflow
Key: SSHD-794
URL: https://issues.apache.org/jira/browse/SSHD-794
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 0.14.0
Environment: Any.
Reporter: Curd Reinert
In AbstractChannel.handleWindowAdjust(Buffer), the window size is read from the buffer and passed to the window. In Window.expand(int), the window is added to the current size. If the current size is > 0 and the maximum allowed window adjustment (2^31 -1) is passed, size will become negative. This causes a loop when trying to read from / write to this channel which cosumes one processor core.
The resulting size should be checked to be > 0.
I see that this has been done for the 1.x release. Any chance that this can be fixed in 0.15?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)