You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Curd Reinert (JIRA)" <ji...@apache.org> on 2018/01/12 13:09:00 UTC

[jira] [Created] (SSHD-794) AbstractChannel.handleWindowAdjust(...) / Window.expand() don't check for integer overflow

Curd Reinert created SSHD-794:
---------------------------------

             Summary: AbstractChannel.handleWindowAdjust(...) / Window.expand() don't check for integer overflow
                 Key: SSHD-794
                 URL: https://issues.apache.org/jira/browse/SSHD-794
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 0.14.0
         Environment: Any.
            Reporter: Curd Reinert


In AbstractChannel.handleWindowAdjust(Buffer), the window size is read from the buffer and passed to the window. In Window.expand(int), the window is added to the current size. If the current size is > 0 and the maximum allowed window adjustment (2^31 -1) is passed, size will become negative. This causes a loop when trying to read from / write to this channel which cosumes one processor core.
The resulting size should be checked to be > 0.
I see that this has been done for the 1.x release. Any chance that this can be fixed in 0.15?




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)