Skip to Content

When I covered this several months back on my personal blog, I was very excited about it. In a fit of sensationalism I titled the post “ABAP exploit/vulnerability exposed”, but it’s not nearly as bad as that. Basically it boils down to this: Doing a syntax check on a recursive structure definition brought our system to a grinding halt (for a few minutes at a time, until the process terminated).

Thomas Jung also tried it at the time on his own system, but the results were – what shall I say – rather disappointing, at least to my liking.

We did raise it with SAP support at the time, and because I didn’t follow up on it, there may or may not be a patch that addresses this for all I know. Anyway, it would be interesting hearing from community members what experience they make with this.

To save you a trip to my blog, I’m including a code snippet. Paste it into an ABAP editor, and do a syntax check (I take no responsibility though for any damage incurred!).

DATA: BEGIN OF gt_stat OCCURS 0.
INCLUDE STRUCTURE vicarsdate.
DATA: lv_stat LIKE LINE OF gt_stat. "<-- Problem is here
DATA: transf TYPE xfeld.
DATA: END OF gt_stat.
To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Narasimha Rao Bandla
    Hi,

    I tried it on a ECC 6.0 system.
    It ran the syntax check for about 6 seconds and then terminated with this message:
    SAP System message: Work process restarted; session terminated

    Nice logic to get the production system down and keep all the guys wondering how does it happen… 😉

    Thanks for the snipet….

    Cheers,
    Simha.

    (0) 

Leave a Reply