When I covered this several months back on my personal blog, I was very excited about it. In a fit of sensationalism I titled the post “ABAP exploit/vulnerability exposed”, but it’s not nearly as bad as that. Basically it boils down to this: Doing a syntax check on a recursive structure definition brought our system to a grinding halt (for a few minutes at a time, until the process terminated).
Thomas Jung also tried it at the time on his own system, but the results were – what shall I say – rather disappointing, at least to my liking.
We did raise it with SAP support at the time, and because I didn’t follow up on it, there may or may not be a patch that addresses this for all I know. Anyway, it would be interesting hearing from community members what experience they make with this.
To save you a trip to my blog, I’m including a code snippet. Paste it into an ABAP editor, and do a syntax check (I take no responsibility though for any damage incurred!).
DATA: BEGIN OF gt_stat OCCURS 0.
INCLUDE STRUCTURE vicarsdate.
DATA: lv_stat LIKE LINE OF gt_stat. "<-- Problem is here
DATA: transf TYPE xfeld.
DATA: END OF gt_stat.