Closed Bug 334190 Opened 19 years ago Closed 15 years ago

Event var_decl: Declared variable "array" without initializer in EncodeArray

Categories

(Core Graveyard :: Web Services, defect)

Product:
Core Graveyard
Component:
Web Services
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: timeless, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:investigate])

i'm not sure how possible it is to convince the soap code to make a 0 sized array. but if it's possible, and given things, it might be. then we're probably attackable.
It seems that distinction is done between empty and null and that empty array should be represented by specifying 0 as dimension : http://docs.jboss.org/jbossas/javadoc/4.0.2/org/jboss/axis/encoding/ser/ArraySerializer.java.html (refers to apache Axis included in JBoss). Is there any trouble with that in current impl ?
Whiteboard: [sg:investigate]
The SOAP code has been removed.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Group: core-security
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.