Message6387

Author otmarhumbel
Recipients otmarhumbel
Date 2011-02-08.12:40:01
SpamBayes Score 2.2088853e-10
Marked as misclassified No
Message-id <1297168802.63.0.331765515947.issue1705@psf.upfronthosting.co.za>
In-reply-to
Content
Lately there has been quite a rumour in the Java community about the endless loop caused by a certain range of values.
Jython could be brought into such an endless loop simply by assigning the right value to a variable, such as
  value = a_bad_value

The Java hot spots are the following:
- BigDecimal.doubleValue()
- BigDecimal.floatValue()
- Double(String)
- Double.parseDouble(String)
- Double.valueOf(String)
- Float(String)
- Float.parseFloat(String)
- Float.valueOf(String)


The attached patch prevents these kinds of attacks by replacing our usage of the hot spots above with a safer parsing strategy:

1) look for suspicious digits in the input string (heuristic, but quite fast)
2a) for suspicious values: use BigDecimal to safely parse them
2b) fix the really dangerous values by 'rounding' them to safe ones (outside the dangerous interval)
For non-suspicious values, use the default fast Double parsing, as before

The performance penalty in the majority of cases is the detection of suspiciousness:

// SUSPICIOUS_DIGITS is the digit sequence of the known trigger values; it is
// defined elsewhere in the patch and not shown in this message.
protected static final boolean isSuspicious(String s) {
  // Compare only the digits, so sign, decimal point, exponent and other
  // formatting variants of the same value are all caught by one substring search.
  return digits(s).indexOf(SUSPICIOUS_DIGITS) >= 0;
}

// Return just the decimal digits of s, in order, dropping everything else.
private static final String digits(String s) {
  char[] ca = s.toCharArray();
  int len = ca.length;
  StringBuilder b = new StringBuilder(len);
  for (int i = 0; i < len; i++) {
    char c = ca[i];
    if (c >= '0' && c <= '9') {
      b.append(c);
    }
  }
  return b.toString();
}


Two questions:
 - does this sound reasonable?
 - if yes, should we build that into 2.5.2 final?
History
Date User Action Args
2011-02-08 12:40:02otmarhumbelsetrecipients: + otmarhumbel
2011-02-08 12:40:02otmarhumbelsetmessageid: <1297168802.63.0.331765515947.issue1705@psf.upfronthosting.co.za>
2011-02-08 12:40:02otmarhumbellinkissue1705 messages
2011-02-08 12:40:02otmarhumbelcreate
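The three-step strategy described in the message (suspicious-digit heuristic, BigDecimal parse for suspicious input, rounding the really dangerous values out of the interval), as an added example in Java. This is not the attached patch and not Jython's code. It assumes the constant the message leaves undefined, SUSPICIOUS_DIGITS = "2225073858507201", the digit run of the publicly reported trigger literal 2.2250738585072012e-308, and it takes the dangerous interval to be the open interval between the largest subnormal double and Double.MIN_NORMAL, the subnormal/normal boundary where the JDK parser's correction loop was reported to hang. The class name SafeDoubleParser is hypothetical. Only the Double hot spots are covered; the Float ones would need the same scheme with the float boundary constants.

```java
import java.math.BigDecimal;

public final class SafeDoubleParser {

    // Assumption: digit run of the publicly reported trigger 2.2250738585072012e-308.
    // The message leaves SUSPICIOUS_DIGITS undefined; this value is supplied here.
    private static final String SUSPICIOUS_DIGITS = "2225073858507201";

    // Assumed dangerous interval: the open interval between the largest subnormal
    // double and Double.MIN_NORMAL. new BigDecimal(double) converts from the raw
    // bits and never touches the decimal-to-binary parser, so these are safe to build.
    private static final double LARGEST_SUBNORMAL = Math.nextAfter(Double.MIN_NORMAL, 0.0);
    private static final BigDecimal LOW = new BigDecimal(LARGEST_SUBNORMAL);
    private static final BigDecimal HIGH = new BigDecimal(Double.MIN_NORMAL);
    // Exact midpoint; the sum is a terminating decimal, so dividing by 2 cannot throw.
    private static final BigDecimal MID = LOW.add(HIGH).divide(BigDecimal.valueOf(2));

    private SafeDoubleParser() {}

    /** Parse like Double.parseDouble, but never feed a suspicious literal to the JDK loop. */
    public static double parse(String s) {
        if (!isSuspicious(s)) {
            return Double.parseDouble(s);   // fast path: unchanged behaviour
        }
        // Slow path: decimal parse only. BigDecimal(String) has no binary correction loop.
        // Caveat: it accepts a narrower grammar than parseDouble (no hex floats, no d/f suffix).
        BigDecimal bd = new BigDecimal(s.trim());
        BigDecimal magnitude = bd.abs();
        if (magnitude.compareTo(LOW) > 0 && magnitude.compareTo(HIGH) < 0) {
            // Inside the dangerous interval: pick the nearer endpoint ourselves instead of
            // calling doubleValue(). A tie goes to MIN_NORMAL, the round-half-even result,
            // so this 'rounding' is also the correctly rounded answer.
            double rounded = magnitude.compareTo(MID) < 0 ? LARGEST_SUBNORMAL : Double.MIN_NORMAL;
            return bd.signum() < 0 ? -rounded : rounded;
        }
        // Suspicious digits but outside the interval: ordinary conversion is safe.
        return bd.doubleValue();
    }

    // Same heuristic as in the message: substring search over the digits only.
    static boolean isSuspicious(String s) {
        return digits(s).indexOf(SUSPICIOUS_DIGITS) >= 0;
    }

    // Keep only the decimal digits of s, in order.
    static String digits(String s) {
        StringBuilder b = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c >= '0' && c <= '9') {
                b.append(c);
            }
        }
        return b.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] inputs = {
            "3.14159",                    // not suspicious: fast path
            "2.2250738585072012e-308",    // reported trigger, above the midpoint: MIN_NORMAL
            "-2.2250738585072011e-308",   // below the midpoint: negative largest subnormal
            "12225073858507201.5",        // suspicious digits, harmless magnitude
        };
        for (String in : inputs) {
            System.out.println(in + " -> " + parse(in)
                + (isSuspicious(in) ? "  (slow path)" : "  (fast path)"));
        }
    }
}
```

The fast path is byte-for-byte the old behaviour, so the only cost for ordinary input is one pass over the characters in digits(). The slow path deliberately returns a double constant rather than calling BigDecimal.doubleValue() on anything inside the interval, because that method is itself one of the listed hot spots on the affected JDKs.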