Posted to pr@jena.apache.org by GitBox <gi...@apache.org> on 2020/03/10 13:40:35 UTC

[GitHub] [jena] rvesse commented on a change in pull request #705: JENA-1854: Fuseki to consume the whole request body when errors occur.

rvesse commented on a change in pull request #705: JENA-1854: Fuseki to consume the whole request body when errors occur.
URL: https://github.com/apache/jena/pull/705#discussion_r390317411
 
 

 ##########
 File path: jena-base/src/main/java/org/apache/jena/atlas/io/IO.java
 ##########
 @@ -437,4 +437,22 @@ public FileVisitResult postVisitDirectory(Path dir, IOException e) throws IOExce
         }
         catch (IOException ex) { IO.exception(ex); return; }
     }
+
+    // Do nothing buffer.  Never read from this, it may be corrupt because it is shared.
+    private static int SKIP_BUFFER_LEN = 64*1024;
+    private static byte[] SKIP_BUFFER = null;
+    /** Skip to the end of the InputStream, discarding input. */
+    public static void skipToEnd(InputStream input) {
+        if ( SKIP_BUFFER == null )
+            // No harm in concurrent assignment.
+            SKIP_BUFFER = new byte[SKIP_BUFFER_LEN];
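
Review bot: `SKIP_BUFFER_LEN` is declared `private static int` without `final`, and `SKIP_BUFFER` is assigned lazily inside `skipToEnd` with no `volatile` or synchronization, so the size is mutable and several threads can each allocate a 64 KiB array before one assignment becomes visible to the others. Neither is harmful given the "never read from this" contract, but both are avoidable: mark the length `final` and consider eager initialization, `private static final byte[] SKIP_BUFFER = new byte[SKIP_BUFFER_LEN];`, which removes the null check and the racy write at the cost of allocating the buffer at class load. Because the array will hold leftover bytes from unrelated requests, it is worth extending the comment to say the field must stay private and must never be returned or logged.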
 
 Review comment:
   I think @afs's goal here is to minimise extra memory usage by having a shared buffer that we can just dump the unread data out into potentially by many threads at once.  We're never going to read the data back out so it doesn't matter if many threads are dumping unusable data into it at once.
   
   If you had a local variable then you'd have a buffer by thread and a potential DoS vector because a malicious client could send a load of malformed request bodies in order to get Fuseki to run up its memory usage and OOM.
