Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix tf.raw_ops.DeleteSessionTensor vulnerability with invalid handle.
Check that `handle` input is actually a scalar before treating it as such.

PiperOrigin-RevId: 445228994
  • Loading branch information
poulsbo authored and tensorflower-gardener committed Apr 28, 2022
1 parent 339d5de commit cff2676
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions tensorflow/core/kernels/session_ops.cc
Expand Up @@ -134,6 +134,8 @@ class DeleteSessionTensorOp : public OpKernel {

void Compute(OpKernelContext* ctx) override {
const Tensor& handle = ctx->input(0);
OP_REQUIRES(ctx, TensorShapeUtils::IsScalar(handle.shape()),
errors::InvalidArgument("`handle` must be scalar"));
const string& name = handle.scalar<tstring>()();
auto session_state = ctx->session_state();
OP_REQUIRES(ctx, session_state != nullptr,
Expand Down

0 comments on commit cff2676

Please sign in to comment.