
Mitigate Java Vulnerability with iRules


I got a request yesterday morning asking if there was a way to drop HTTP requests if a certain number was referenced in the Accept-Language header.

The user referenced this post on Exploring Binary.

The number, 2.2250738585072012e-308, causes the Java runtime and compiler to go into an infinite loop when converting it to double-precision binary floating-point.  Not good.  Twitter is ablaze on the issue, and there is a good discussion thread on Hacker News as well.  So how do you stop it? 

At first, this appeared to be a no-brainer: just copy that string and drop if found in that header, right?  Well, there’s a catch.  A few, actually.  This number can be represented in many ways:

  • Decimal point placement => 0.00022250738585072012e-304
  • Leading Zeroes => 00000000002.2250738585072012e-308
  • Trailing Zeroes => 2.225073858507201200000e-308
  • Leading Zeroes in the Exponent => 2.2250738585072012e-00308
  • Superfluous Digits past digit 17 => 2.2250738585072012997800001e-308

String match seemed the perfect fit for this, as I needed a few wildcards to sort this out.  I started in the Tcl shell just to make sure all the use cases matched:

Read the original blog entry...
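
The excerpt ends before the author's string match pattern, so the following is an added example, not the author's code: a plain-Tcl check (runnable in tclsh) that canonicalises each numeric token in a header value and compares its first 17 significant digits and scientific exponent against the number above. The proc names are hypothetical, and it goes slightly beyond the listed spellings by also catching forms without a decimal point.

```tcl
# Added example (not the post's code): plain Tcl, runnable in tclsh.
# Target from the post: 2.2250738585072012e-308
set TARGET_DIGITS 22250738585072012 ;# its 17 significant digits
set TARGET_EXP    -308              ;# its scientific-notation exponent

# Return 1 if $lit is any spelling of the target value, else 0.
proc is_target_literal {lit} {
    global TARGET_DIGITS TARGET_EXP
    # Split into integer part, fraction part and optional exponent.
    if {![regexp {^([0-9]*)\.?([0-9]*)(?:[eE]([+-]?[0-9]+))?$} $lit -> ip fp ex]} {
        return 0
    }
    # scan %d reads decimal, so leading zeros (-00308) are not taken as octal.
    set e 0
    if {$ex ne ""} { scan $ex %d e }
    # Leading zeros carry no value; digits past the 17th are ignored below.
    set digits [string trimleft "$ip$fp" 0]
    if {$digits eq ""} { return 0 }
    # Exponent the value would have when written as d.ddd...e<sci>.
    set sci [expr {[string length $digits] - 1 + $e - [string length $fp]}]
    if {$sci != $TARGET_EXP} { return 0 }
    return [string equal -length 17 $digits $TARGET_DIGITS]
}

# Return 1 if any numeric token in a header value is a spelling of the target.
proc header_has_target {value} {
    set re {(?:[0-9]+\.?[0-9]*|\.[0-9]+)(?:[eE][+-]?[0-9]+)?}
    foreach tok [regexp -all -inline $re $value] {
        if {[is_target_literal $tok]} { return 1 }
    }
    return 0
}

# Constructed header values: the spellings listed in the post, plus a benign one.
foreach {q expect} {
    2.2250738585072012e-308           1
    0.00022250738585072012e-304       1
    00000000002.2250738585072012e-308 1
    2.225073858507201200000e-308      1
    2.2250738585072012e-00308         1
    2.2250738585072012997800001e-308  1
    0.8                               0
} {
    set got [header_has_target "en-US,en;q=$q"]
    if {$got != $expect} { error "mismatch for $q" }
    puts "$q -> $got"
}
```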

More Stories By Jason Rahm

Experienced predominantly in the networking realm over the last dozen or so years, Jason is expanding his horizons towards systems management and even trying his hand at Python.

Jason assists in the maintenance duties for http://devcentral.f5.com, contributes frequently in the forums, and writes weekly on some cool geekery in the F5 product lines. When not working, Jason enjoys spending time with his beautiful wife Michelle and his four children. He is active and volunteers network administration duties at his church and if there are any remaining minutes in the week, he enjoys Wii & XBOX, tennis, racquetball, softball, etc. He does not enjoy running, but does (scratch that, thinks about doing) it anyway to recover his youthful appearance.
