Uploaded image for project: 'JGroups'
  1. JGroups
  2. JGRP-2523

Cap max data read by TcpConnection or NioConnection

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Minor
    • 4.2.11, 5.1.4
    • None
    • None
    • False
    • False
    • 0
    • 0% 0%
    • Undefined

    Description

      Both NioConnection and TcpConnection read the length (4 bytes) first, then allocate a buffer and call InputStream.readFully().
      If some random client (nc, curl, wget etc)connects accidentally, length might be huge and the memory allocation will fail with an OOME. This may even terminate the JVM, e.g. if -XX:+ExitOnOutOfMemoryError is set.
      Solution: introduce an attribute which caps the max length, and throws an exception (closing the connection), avoiding reading the data. If 0, the length will not be capped.

      Attachments

        Issue Links

          is related to

          Task - Represents a small unit of work that is not end-user facing. JGRP-2559 BaseServer.max_length is not used by TCP/TCP_NIO2

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-engineering-bban Bela Ban
              rhn-engineering-bban Bela Ban
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: