Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Done
Priority: Minor
Fix Version/s: 4.2.11, 5.1.4
Affects Version/s: None
Labels:
None

Blocked:
False
Ready:
False
Release Note Text:
Undefined
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Both NioConnection and TcpConnection read the length (4 bytes) first, then allocate a buffer and call InputStream.readFully().
If some random client (nc, curl, wget etc)connects accidentally, length might be huge and the memory allocation will fail with an OOME. This may even terminate the JVM, e.g. if -XX:+ExitOnOutOfMemoryError is set.
Solution: introduce an attribute which caps the max length, and throws an exception (closing the connection), avoiding reading the data. If 0, the length will not be capped.

is related to

JGRP-2559 BaseServer.max_length is not used by TCP/TCP_NIO2

Resolved

Assignee:: Bela Ban

Reporter:: Bela Ban

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2021/01/08 7:19 AM

Updated:: 2022/01/12 7:25 AM

Resolved:: 2021/05/19 6:14 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates