JDK-6560193

Denial of Service attack possible via BigDecimal class


    • Type: Bug
    • Resolution: Not an Issue
    • Priority: P4
    • Fix Version/s: None
    • Affects Version/s: 6
    • Component/s: core-libs
    • CPU: x86
    • OS: windows_xp

      FULL PRODUCT VERSION :
      java_sdk_source_6u2

      ADDITIONAL OS VERSION INFORMATION :
      all OS

      A DESCRIPTION OF THE PROBLEM :
      The java.math.BigDecimal class accepts inputs that will make the JVM unresponsive.

      Any software that accepts user input is vulnerable to this attack.

      The attack string may also be inadvertently created, causing the JVM to become unresponsive.

      NOTE: This problem was reported almost a year ago, on Jul 30 2006, id: 764300, but has not been fixed in a very recent SDK (JDK 6 update 2). This is a very serious problem, especially in the context of web applications as you can probably imagine.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      import java.math.BigDecimal;

      public class Dos {
              public static void main(String[] args) throws Exception {
                      BigDecimal a = new BigDecimal("5");
                      // Constructing the value is cheap: unscaled value 5, scale -912345.
                      BigDecimal b = new BigDecimal("5e912345");
                      // The exact add must align both operands to the same scale,
                      // i.e. materialise 5 followed by 912,345 digits.
                      BigDecimal c = a.add(b);
              }
      }

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Adding two numbers that are represented by short strings (9 characters) should be fast.
      ACTUAL -
      Running the example takes 4 minutes on an Intel dual core processor!



      REPRODUCIBILITY :
      This bug can be reproduced always.


      CUSTOMER SUBMITTED WORKAROUND :
      Parse the string and make sure that the exponent is in the range -311 .. +311.
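The workaround above as a reusable input guard, together with the bounded-precision alternative the exact add lacks. This is an added example, not code from the report or from the JDK; the class and method names, MAX_TEXT_LENGTH and its 64-character cap are my choices, while the 311 exponent bound is the reporter's.

```java
import java.math.BigDecimal;
import java.math.MathContext;

public class BoundedDecimal {
    // Largest adjusted exponent accepted from untrusted input; 311 is the
    // bound the reporter's workaround names. Tighten it for your own domain.
    static final int MAX_ABS_EXPONENT = 311;
    // Cap on raw text length, a separate guard against very long digit strings.
    static final int MAX_TEXT_LENGTH = 64;

    /** Parses untrusted text into a BigDecimal, rejecting values whose
     *  exponent would force a huge digit expansion in later arithmetic. */
    static BigDecimal parseBounded(String text) {
        if (text.length() > MAX_TEXT_LENGTH) {
            throw new IllegalArgumentException("number text too long");
        }
        // Construction itself is cheap: "5e912345" is stored as unscaled
        // value 5 with scale -912345; no digits are materialised yet.
        BigDecimal value = new BigDecimal(text);
        if (value.signum() == 0) {
            return BigDecimal.ZERO;
        }
        // Adjusted exponent = exponent of the leading digit in scientific
        // notation: 5e912345 -> 912345, 0.001 -> -3. Computed in long so
        // an extreme scale cannot overflow the subtraction.
        long exponent = (long) value.precision() - value.scale() - 1;
        if (Math.abs(exponent) > MAX_ABS_EXPONENT) {
            throw new IllegalArgumentException(
                "exponent " + exponent + " outside +/-" + MAX_ABS_EXPONENT);
        }
        return value;
    }

    public static void main(String[] args) {
        // 1. Reject the report's input at the trust boundary.
        try {
            parseBounded("5e912345");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("accepted: " + parseBounded("123.456e-7"));

        // 2. Where the value must be used anyway, add with a MathContext so
        //    the result is rounded to 34 digits instead of the exact sum,
        //    which would need all 912,346 digits aligned.
        BigDecimal a = new BigDecimal("5");
        BigDecimal b = new BigDecimal("5e912345");
        System.out.println("bounded sum: " + a.add(b, MathContext.DECIMAL128));
    }
}
```

The add(BigDecimal, MathContext) overload is standard since Java 5; time it on the JDK you actually ship rather than assuming it sidesteps the alignment cost.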

            Assignee: Joe Darcy
            Reporter: Roger Yeung (Inactive)