You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by ma...@apache.org on 2022/09/21 16:00:22 UTC
[kafka] branch trunk updated (8e522c56d16 -> 5587c65fd3c)
This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
from 8e522c56d16 MINOR: Fix ConsumerPerformanceTest to work with non-default locales (#12623)
new b401fdaefbf MINOR: Add more validation during KRPC deserialization
new 5587c65fd3c MINOR: Add configurable max receive size for SASL authentication requests
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
checkstyle/suppressions.xml | 6 +
.../config/internals/BrokerSecurityConfigs.java | 6 +
.../kafka/common/protocol/ByteBufferAccessor.java | 9 +-
.../common/protocol/DataInputStreamReadable.java | 139 ---------------------
.../org/apache/kafka/common/protocol/Readable.java | 8 +-
.../apache/kafka/common/record/DefaultRecord.java | 2 +
.../authenticator/SaslServerAuthenticator.java | 16 ++-
.../common/message/SimpleArraysMessageTest.java | 54 ++++++++
.../common/protocol/ByteBufferAccessorTest.java | 58 +++++++++
.../kafka/common/record/DefaultRecordTest.java | 14 +++
.../kafka/common/requests/RequestContextTest.java | 83 ++++++++++++
.../kafka/common/requests/RequestResponseTest.java | 91 ++++++++++++++
.../kafka/common/security/TestSecurityConfig.java | 2 +
.../authenticator/SaslAuthenticatorTest.java | 46 +++++++
.../authenticator/SaslServerAuthenticatorTest.java | 6 +-
...ecordsMessage.json => SimpleArraysMessage.json} | 15 ++-
core/src/main/scala/kafka/server/KafkaConfig.scala | 4 +
.../main/scala/kafka/tools/TestRaftServer.scala | 6 +-
.../scala/kafka/raft/KafkaMetadataLogTest.scala | 6 +-
.../scala/unit/kafka/server/KafkaConfigTest.scala | 2 +
.../apache/kafka/message/MessageDataGenerator.java | 9 +-
.../kafka/raft/internals/RecordsIterator.java | 106 +++++++++++-----
.../apache/kafka/raft/internals/StringSerde.java | 3 +-
23 files changed, 490 insertions(+), 201 deletions(-)
delete mode 100644 clients/src/main/java/org/apache/kafka/common/protocol/DataInputStreamReadable.java
create mode 100644 clients/src/test/java/org/apache/kafka/common/message/SimpleArraysMessageTest.java
create mode 100644 clients/src/test/java/org/apache/kafka/common/protocol/ByteBufferAccessorTest.java
copy clients/src/test/resources/common/message/{SimpleRecordsMessage.json => SimpleArraysMessage.json} (71%)
[kafka] 01/02: MINOR: Add more validation during KRPC deserialization
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
commit b401fdaefbfbd9263deef0ab92b6093eaeb26d9b
Author: Colin Patrick McCabe <cm...@apache.org>
AuthorDate: Fri May 20 15:23:12 2022 -0700
MINOR: Add more validation during KRPC deserialization
When deserializing KRPC (which is used for RPCs sent to Kafka, Kafka Metadata records, and some
other things), check that we have at least N bytes remaining before allocating an array of size N.
Remove DataInputStreamReadable since it was hard to make this class aware of how many bytes were
remaining. Instead, when reading an individual record in the Raft layer, simply create a
ByteBufferAccessor with a ByteBuffer containing just the bytes we're interested in.
Add SimpleArraysMessageTest and ByteBufferAccessorTest. Also add some additional tests in
RequestResponseTest.
Reviewers: Tom Bentley <tb...@redhat.com>, Mickael Maison <mi...@gmail.com>, Colin McCabe <co...@cmccabe.xyz>
Co-authored-by: Colin McCabe <co...@cmccabe.xyz>
Co-authored-by: Manikumar Reddy <ma...@gmail.com>
Co-authored-by: Mickael Maison <mi...@gmail.com>
---
checkstyle/suppressions.xml | 4 +
.../kafka/common/protocol/ByteBufferAccessor.java | 9 +-
.../common/protocol/DataInputStreamReadable.java | 139 ---------------------
.../org/apache/kafka/common/protocol/Readable.java | 8 +-
.../apache/kafka/common/record/DefaultRecord.java | 2 +
.../common/message/SimpleArraysMessageTest.java | 54 ++++++++
.../common/protocol/ByteBufferAccessorTest.java | 58 +++++++++
.../kafka/common/record/DefaultRecordTest.java | 14 +++
.../kafka/common/requests/RequestContextTest.java | 83 ++++++++++++
.../kafka/common/requests/RequestResponseTest.java | 91 ++++++++++++++
.../common/message/SimpleArraysMessage.json | 29 +++++
.../main/scala/kafka/tools/TestRaftServer.scala | 6 +-
.../scala/kafka/raft/KafkaMetadataLogTest.scala | 6 +-
.../apache/kafka/message/MessageDataGenerator.java | 9 +-
.../kafka/raft/internals/RecordsIterator.java | 106 +++++++++++-----
.../apache/kafka/raft/internals/StringSerde.java | 3 +-
16 files changed, 433 insertions(+), 188 deletions(-)
diff --git a/checkstyle/suppressions.xml b/checkstyle/suppressions.xml
index ef3947ad91a..55fcd1a9e53 100644
--- a/checkstyle/suppressions.xml
+++ b/checkstyle/suppressions.xml
@@ -170,6 +170,10 @@
<suppress checks="JavaNCSS"
files="DistributedHerderTest.java"/>
+ <!-- Raft -->
+ <suppress checks="NPathComplexity"
+ files="RecordsIterator.java"/>
+
<!-- Streams -->
<suppress checks="ClassFanOutComplexity"
files="(KafkaStreams|KStreamImpl|KTableImpl|InternalTopologyBuilder|StreamsPartitionAssignor|StreamThread|IQv2StoreIntegrationTest|KStreamImplTest).java"/>
diff --git a/clients/src/main/java/org/apache/kafka/common/protocol/ByteBufferAccessor.java b/clients/src/main/java/org/apache/kafka/common/protocol/ByteBufferAccessor.java
index bd0925d6db3..f643f5b5779 100644
--- a/clients/src/main/java/org/apache/kafka/common/protocol/ByteBufferAccessor.java
+++ b/clients/src/main/java/org/apache/kafka/common/protocol/ByteBufferAccessor.java
@@ -54,8 +54,15 @@ public class ByteBufferAccessor implements Readable, Writable {
}
@Override
- public void readArray(byte[] arr) {
+ public byte[] readArray(int size) {
+ int remaining = buf.remaining();
+ if (size > remaining) {
+ throw new RuntimeException("Error reading byte array of " + size + " byte(s): only " + remaining +
+ " byte(s) available");
+ }
+ byte[] arr = new byte[size];
buf.get(arr);
+ return arr;
}
@Override
diff --git a/clients/src/main/java/org/apache/kafka/common/protocol/DataInputStreamReadable.java b/clients/src/main/java/org/apache/kafka/common/protocol/DataInputStreamReadable.java
deleted file mode 100644
index 70ed52d6a02..00000000000
--- a/clients/src/main/java/org/apache/kafka/common/protocol/DataInputStreamReadable.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.kafka.common.protocol;
-
-import org.apache.kafka.common.utils.ByteUtils;
-
-import java.io.Closeable;
-import java.io.DataInputStream;
-import java.io.IOException;
-import java.nio.ByteBuffer;
-
-public class DataInputStreamReadable implements Readable, Closeable {
- protected final DataInputStream input;
-
- public DataInputStreamReadable(DataInputStream input) {
- this.input = input;
- }
-
- @Override
- public byte readByte() {
- try {
- return input.readByte();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public short readShort() {
- try {
- return input.readShort();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public int readInt() {
- try {
- return input.readInt();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public long readLong() {
- try {
- return input.readLong();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public double readDouble() {
- try {
- return input.readDouble();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public void readArray(byte[] arr) {
- try {
- input.readFully(arr);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public int readUnsignedVarint() {
- try {
- return ByteUtils.readUnsignedVarint(input);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public ByteBuffer readByteBuffer(int length) {
- byte[] arr = new byte[length];
- readArray(arr);
- return ByteBuffer.wrap(arr);
- }
-
- @Override
- public int readVarint() {
- try {
- return ByteUtils.readVarint(input);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public long readVarlong() {
- try {
- return ByteUtils.readVarlong(input);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public int remaining() {
- try {
- return input.available();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public void close() {
- try {
- input.close();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/clients/src/main/java/org/apache/kafka/common/protocol/Readable.java b/clients/src/main/java/org/apache/kafka/common/protocol/Readable.java
index 561696827df..80bee867482 100644
--- a/clients/src/main/java/org/apache/kafka/common/protocol/Readable.java
+++ b/clients/src/main/java/org/apache/kafka/common/protocol/Readable.java
@@ -32,7 +32,7 @@ public interface Readable {
int readInt();
long readLong();
double readDouble();
- void readArray(byte[] arr);
+ byte[] readArray(int length);
int readUnsignedVarint();
ByteBuffer readByteBuffer(int length);
int readVarint();
@@ -40,8 +40,7 @@ public interface Readable {
int remaining();
default String readString(int length) {
- byte[] arr = new byte[length];
- readArray(arr);
+ byte[] arr = readArray(length);
return new String(arr, StandardCharsets.UTF_8);
}
@@ -49,8 +48,7 @@ public interface Readable {
if (unknowns == null) {
unknowns = new ArrayList<>();
}
- byte[] data = new byte[size];
- readArray(data);
+ byte[] data = readArray(size);
unknowns.add(new RawTaggedField(tag, data));
return unknowns;
}
diff --git a/clients/src/main/java/org/apache/kafka/common/record/DefaultRecord.java b/clients/src/main/java/org/apache/kafka/common/record/DefaultRecord.java
index 8772556b1de..b2235fef490 100644
--- a/clients/src/main/java/org/apache/kafka/common/record/DefaultRecord.java
+++ b/clients/src/main/java/org/apache/kafka/common/record/DefaultRecord.java
@@ -342,6 +342,8 @@ public class DefaultRecord implements Record {
int numHeaders = ByteUtils.readVarint(buffer);
if (numHeaders < 0)
throw new InvalidRecordException("Found invalid number of record headers " + numHeaders);
+ if (numHeaders > buffer.remaining())
+ throw new InvalidRecordException("Found invalid number of record headers. " + numHeaders + " is larger than the remaining size of the buffer");
final Header[] headers;
if (numHeaders == 0)
diff --git a/clients/src/test/java/org/apache/kafka/common/message/SimpleArraysMessageTest.java b/clients/src/test/java/org/apache/kafka/common/message/SimpleArraysMessageTest.java
new file mode 100644
index 00000000000..1b78adbb962
--- /dev/null
+++ b/clients/src/test/java/org/apache/kafka/common/message/SimpleArraysMessageTest.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.common.message;
+
+import org.apache.kafka.common.protocol.ByteBufferAccessor;
+import org.junit.jupiter.api.Test;
+
+import java.nio.ByteBuffer;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+public class SimpleArraysMessageTest {
+ @Test
+ public void testArrayBoundsChecking() {
+ // SimpleArraysMessageData takes 2 arrays
+ final ByteBuffer buf = ByteBuffer.wrap(new byte[] {
+ (byte) 0x7f, // Set size of first array to 126 which is larger than the size of this buffer
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+ });
+ final SimpleArraysMessageData out = new SimpleArraysMessageData();
+ ByteBufferAccessor accessor = new ByteBufferAccessor(buf);
+ assertEquals("Tried to allocate a collection of size 126, but there are only 7 bytes remaining.",
+ assertThrows(RuntimeException.class, () -> out.read(accessor, (short) 2)).getMessage());
+ }
+
+ @Test
+ public void testArrayBoundsCheckingOtherArray() {
+ // SimpleArraysMessageData takes 2 arrays
+ final ByteBuffer buf = ByteBuffer.wrap(new byte[] {
+ (byte) 0x01, // Set size of first array to 0
+ (byte) 0x7e, // Set size of second array to 125 which is larger than the size of this buffer
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+ });
+ final SimpleArraysMessageData out = new SimpleArraysMessageData();
+ ByteBufferAccessor accessor = new ByteBufferAccessor(buf);
+ assertEquals("Tried to allocate a collection of size 125, but there are only 6 bytes remaining.",
+ assertThrows(RuntimeException.class, () -> out.read(accessor, (short) 2)).getMessage());
+ }
+}
diff --git a/clients/src/test/java/org/apache/kafka/common/protocol/ByteBufferAccessorTest.java b/clients/src/test/java/org/apache/kafka/common/protocol/ByteBufferAccessorTest.java
new file mode 100644
index 00000000000..6a0c6c2681c
--- /dev/null
+++ b/clients/src/test/java/org/apache/kafka/common/protocol/ByteBufferAccessorTest.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.common.protocol;
+
+import org.junit.jupiter.api.Test;
+
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+public class ByteBufferAccessorTest {
+ @Test
+ public void testReadArray() {
+ ByteBuffer buf = ByteBuffer.allocate(1024);
+ ByteBufferAccessor accessor = new ByteBufferAccessor(buf);
+ final byte[] testArray = new byte[] {0x4b, 0x61, 0x46};
+ accessor.writeByteArray(testArray);
+ accessor.writeInt(12345);
+ accessor.flip();
+ final byte[] testArray2 = accessor.readArray(3);
+ assertArrayEquals(testArray, testArray2);
+ assertEquals(12345, accessor.readInt());
+ assertEquals("Error reading byte array of 3 byte(s): only 0 byte(s) available",
+ assertThrows(RuntimeException.class,
+ () -> accessor.readArray(3)).getMessage());
+ }
+
+ @Test
+ public void testReadString() {
+ ByteBuffer buf = ByteBuffer.allocate(1024);
+ ByteBufferAccessor accessor = new ByteBufferAccessor(buf);
+ String testString = "ABC";
+ final byte[] testArray = testString.getBytes(StandardCharsets.UTF_8);
+ accessor.writeByteArray(testArray);
+ accessor.flip();
+ assertEquals("ABC", accessor.readString(3));
+ assertEquals("Error reading byte array of 2 byte(s): only 0 byte(s) available",
+ assertThrows(RuntimeException.class,
+ () -> accessor.readString(2)).getMessage());
+ }
+}
diff --git a/clients/src/test/java/org/apache/kafka/common/record/DefaultRecordTest.java b/clients/src/test/java/org/apache/kafka/common/record/DefaultRecordTest.java
index 49743d23201..67212165fc3 100644
--- a/clients/src/test/java/org/apache/kafka/common/record/DefaultRecordTest.java
+++ b/clients/src/test/java/org/apache/kafka/common/record/DefaultRecordTest.java
@@ -247,6 +247,20 @@ public class DefaultRecordTest {
buf.flip();
assertThrows(InvalidRecordException.class,
() -> DefaultRecord.readFrom(buf, 0L, 0L, RecordBatch.NO_SEQUENCE, null));
+
+ ByteBuffer buf2 = ByteBuffer.allocate(sizeOfBodyInBytes + ByteUtils.sizeOfVarint(sizeOfBodyInBytes));
+ ByteUtils.writeVarint(sizeOfBodyInBytes, buf2);
+ buf2.put(attributes);
+ ByteUtils.writeVarlong(timestampDelta, buf2);
+ ByteUtils.writeVarint(offsetDelta, buf2);
+ ByteUtils.writeVarint(-1, buf2); // null key
+ ByteUtils.writeVarint(-1, buf2); // null value
+ ByteUtils.writeVarint(sizeOfBodyInBytes, buf2); // more headers than remaining buffer size, not allowed
+ buf2.position(buf2.limit());
+
+ buf2.flip();
+ assertThrows(InvalidRecordException.class,
+ () -> DefaultRecord.readFrom(buf2, 0L, 0L, RecordBatch.NO_SEQUENCE, null));
}
@Test
diff --git a/clients/src/test/java/org/apache/kafka/common/requests/RequestContextTest.java b/clients/src/test/java/org/apache/kafka/common/requests/RequestContextTest.java
index 4415ff960aa..254dea0430e 100644
--- a/clients/src/test/java/org/apache/kafka/common/requests/RequestContextTest.java
+++ b/clients/src/test/java/org/apache/kafka/common/requests/RequestContextTest.java
@@ -16,22 +16,31 @@
*/
package org.apache.kafka.common.requests;
+import org.apache.kafka.common.errors.InvalidRequestException;
import org.apache.kafka.common.message.ApiVersionsResponseData;
import org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersionCollection;
import org.apache.kafka.common.message.CreateTopicsResponseData;
+import org.apache.kafka.common.message.ProduceRequestData;
+import org.apache.kafka.common.message.SaslAuthenticateRequestData;
import org.apache.kafka.common.network.ClientInformation;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.network.Send;
import org.apache.kafka.common.protocol.ApiKeys;
+import org.apache.kafka.common.protocol.ApiMessage;
+import org.apache.kafka.common.protocol.ByteBufferAccessor;
import org.apache.kafka.common.protocol.Errors;
+import org.apache.kafka.common.protocol.ObjectSerializationCache;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.junit.jupiter.api.Test;
import java.net.InetAddress;
+import java.net.UnknownHostException;
import java.nio.ByteBuffer;
+import java.util.Collections;
import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class RequestContextTest {
@@ -104,4 +113,78 @@ public class RequestContextTest {
assertEquals(expectedResponse, parsedResponse.data());
}
+ @Test
+ public void testInvalidRequestForImplicitHashCollection() throws UnknownHostException {
+ short version = (short) 5; // choose a version with fixed length encoding, for simplicity
+ ByteBuffer corruptBuffer = produceRequest(version);
+ // corrupt the length of the topics array
+ corruptBuffer.putInt(8, (Integer.MAX_VALUE - 1) / 2);
+
+ RequestHeader header = new RequestHeader(ApiKeys.PRODUCE, version, "console-producer", 3);
+ RequestContext context = new RequestContext(header, "0", InetAddress.getLocalHost(),
+ KafkaPrincipal.ANONYMOUS, new ListenerName("ssl"), SecurityProtocol.SASL_SSL,
+ ClientInformation.EMPTY, true);
+
+ String msg = assertThrows(InvalidRequestException.class,
+ () -> context.parseRequest(corruptBuffer)).getCause().getMessage();
+ assertEquals("Tried to allocate a collection of size 1073741823, but there are only 17 bytes remaining.", msg);
+ }
+
+ @Test
+ public void testInvalidRequestForArrayList() throws UnknownHostException {
+ short version = (short) 5; // choose a version with fixed length encoding, for simplicity
+ ByteBuffer corruptBuffer = produceRequest(version);
+ // corrupt the length of the partitions array
+ corruptBuffer.putInt(17, Integer.MAX_VALUE);
+
+ RequestHeader header = new RequestHeader(ApiKeys.PRODUCE, version, "console-producer", 3);
+ RequestContext context = new RequestContext(header, "0", InetAddress.getLocalHost(),
+ KafkaPrincipal.ANONYMOUS, new ListenerName("ssl"), SecurityProtocol.SASL_SSL,
+ ClientInformation.EMPTY, true);
+
+ String msg = assertThrows(InvalidRequestException.class,
+ () -> context.parseRequest(corruptBuffer)).getCause().getMessage();
+ assertEquals(
+ "Tried to allocate a collection of size 2147483647, but there are only 8 bytes remaining.", msg);
+ }
+
+ private ByteBuffer produceRequest(short version) {
+ ProduceRequestData data = new ProduceRequestData()
+ .setAcks((short) -1)
+ .setTimeoutMs(1);
+ data.topicData().add(
+ new ProduceRequestData.TopicProduceData()
+ .setName("foo")
+ .setPartitionData(Collections.singletonList(new ProduceRequestData.PartitionProduceData()
+ .setIndex(42))));
+
+ return serialize(version, data);
+ }
+
+ private ByteBuffer serialize(short version, ApiMessage data) {
+ ObjectSerializationCache cache = new ObjectSerializationCache();
+ data.size(cache, version);
+ ByteBuffer buffer = ByteBuffer.allocate(1024);
+ data.write(new ByteBufferAccessor(buffer), cache, version);
+ buffer.flip();
+ return buffer;
+ }
+
+ @Test
+ public void testInvalidRequestForByteArray() throws UnknownHostException {
+ short version = (short) 1; // choose a version with fixed length encoding, for simplicity
+ ByteBuffer corruptBuffer = serialize(version, new SaslAuthenticateRequestData().setAuthBytes(new byte[0]));
+ // corrupt the length of the bytes array
+ corruptBuffer.putInt(0, Integer.MAX_VALUE);
+
+ RequestHeader header = new RequestHeader(ApiKeys.SASL_AUTHENTICATE, version, "console-producer", 1);
+ RequestContext context = new RequestContext(header, "0", InetAddress.getLocalHost(),
+ KafkaPrincipal.ANONYMOUS, new ListenerName("ssl"), SecurityProtocol.SASL_SSL,
+ ClientInformation.EMPTY, true);
+
+ String msg = assertThrows(InvalidRequestException.class,
+ () -> context.parseRequest(corruptBuffer)).getCause().getMessage();
+ assertEquals("Error reading byte array of 2147483647 byte(s): only 0 byte(s) available", msg);
+ }
+
}
diff --git a/clients/src/test/java/org/apache/kafka/common/requests/RequestResponseTest.java b/clients/src/test/java/org/apache/kafka/common/requests/RequestResponseTest.java
index b6df4c44d63..390cacf4337 100644
--- a/clients/src/test/java/org/apache/kafka/common/requests/RequestResponseTest.java
+++ b/clients/src/test/java/org/apache/kafka/common/requests/RequestResponseTest.java
@@ -210,6 +210,7 @@ import org.apache.kafka.common.protocol.ApiKeys;
import org.apache.kafka.common.protocol.ByteBufferAccessor;
import org.apache.kafka.common.protocol.Errors;
import org.apache.kafka.common.protocol.ObjectSerializationCache;
+import org.apache.kafka.common.protocol.types.RawTaggedField;
import org.apache.kafka.common.quota.ClientQuotaAlteration;
import org.apache.kafka.common.quota.ClientQuotaEntity;
import org.apache.kafka.common.quota.ClientQuotaFilter;
@@ -231,6 +232,7 @@ import org.apache.kafka.common.security.token.delegation.DelegationToken;
import org.apache.kafka.common.security.token.delegation.TokenInformation;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.common.utils.Utils;
+import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import java.nio.BufferUnderflowException;
@@ -269,6 +271,7 @@ import static org.apache.kafka.common.protocol.ApiKeys.LIST_OFFSETS;
import static org.apache.kafka.common.protocol.ApiKeys.METADATA;
import static org.apache.kafka.common.protocol.ApiKeys.OFFSET_FETCH;
import static org.apache.kafka.common.protocol.ApiKeys.PRODUCE;
+import static org.apache.kafka.common.protocol.ApiKeys.SASL_AUTHENTICATE;
import static org.apache.kafka.common.protocol.ApiKeys.STOP_REPLICA;
import static org.apache.kafka.common.protocol.ApiKeys.SYNC_GROUP;
import static org.apache.kafka.common.protocol.ApiKeys.UPDATE_METADATA;
@@ -3360,4 +3363,92 @@ public class RequestResponseTest {
return new ListTransactionsResponse(response);
}
+ @Test
+ public void testInvalidSaslHandShakeRequest() {
+ AbstractRequest request = new SaslHandshakeRequest.Builder(
+ new SaslHandshakeRequestData().setMechanism("PLAIN")).build();
+ ByteBuffer serializedBytes = request.serialize();
+ // corrupt the length of the sasl mechanism string
+ serializedBytes.putShort(0, Short.MAX_VALUE);
+
+ String msg = assertThrows(RuntimeException.class, () -> AbstractRequest.
+ parseRequest(request.apiKey(), request.version(), serializedBytes)).getMessage();
+ assertEquals("Error reading byte array of 32767 byte(s): only 5 byte(s) available", msg);
+ }
+
+ @Test
+ public void testInvalidSaslAuthenticateRequest() {
+ short version = (short) 1; // choose a version with fixed length encoding, for simplicity
+ byte[] b = new byte[] {
+ 0x11, 0x1f, 0x15, 0x2c,
+ 0x5e, 0x2a, 0x20, 0x26,
+ 0x6c, 0x39, 0x45, 0x1f,
+ 0x25, 0x1c, 0x2d, 0x25,
+ 0x43, 0x2a, 0x11, 0x76
+ };
+ SaslAuthenticateRequestData data = new SaslAuthenticateRequestData().setAuthBytes(b);
+ AbstractRequest request = new SaslAuthenticateRequest(data, version);
+ ByteBuffer serializedBytes = request.serialize();
+
+ // corrupt the length of the bytes array
+ serializedBytes.putInt(0, Integer.MAX_VALUE);
+
+ String msg = assertThrows(RuntimeException.class, () -> AbstractRequest.
+ parseRequest(request.apiKey(), request.version(), serializedBytes)).getMessage();
+ assertEquals("Error reading byte array of 2147483647 byte(s): only 20 byte(s) available", msg);
+ }
+
+ @Test
+ public void testValidTaggedFieldsWithSaslAuthenticateRequest() {
+ byte[] byteArray = new byte[11];
+ ByteBufferAccessor accessor = new ByteBufferAccessor(ByteBuffer.wrap(byteArray));
+
+ //construct a SASL_AUTHENTICATE request
+ byte[] authBytes = "test".getBytes(StandardCharsets.UTF_8);
+ accessor.writeUnsignedVarint(authBytes.length + 1);
+ accessor.writeByteArray(authBytes);
+
+ //write total numbers of tags
+ accessor.writeUnsignedVarint(1);
+
+ //write first tag
+ RawTaggedField taggedField = new RawTaggedField(1, new byte[] {0x1, 0x2, 0x3});
+ accessor.writeUnsignedVarint(taggedField.tag());
+ accessor.writeUnsignedVarint(taggedField.size());
+ accessor.writeByteArray(taggedField.data());
+
+ accessor.flip();
+
+ SaslAuthenticateRequest saslAuthenticateRequest = (SaslAuthenticateRequest) AbstractRequest.
+ parseRequest(SASL_AUTHENTICATE, SASL_AUTHENTICATE.latestVersion(), accessor.buffer()).request;
+ Assertions.assertArrayEquals(authBytes, saslAuthenticateRequest.data().authBytes());
+ assertEquals(1, saslAuthenticateRequest.data().unknownTaggedFields().size());
+ assertEquals(taggedField, saslAuthenticateRequest.data().unknownTaggedFields().get(0));
+ }
+
+ @Test
+ public void testInvalidTaggedFieldsWithSaslAuthenticateRequest() {
+ byte[] byteArray = new byte[13];
+ ByteBufferAccessor accessor = new ByteBufferAccessor(ByteBuffer.wrap(byteArray));
+
+ //construct a SASL_AUTHENTICATE request
+ byte[] authBytes = "test".getBytes(StandardCharsets.UTF_8);
+ accessor.writeUnsignedVarint(authBytes.length + 1);
+ accessor.writeByteArray(authBytes);
+
+ //write total numbers of tags
+ accessor.writeUnsignedVarint(1);
+
+ //write first tag
+ RawTaggedField taggedField = new RawTaggedField(1, new byte[] {0x1, 0x2, 0x3});
+ accessor.writeUnsignedVarint(taggedField.tag());
+ accessor.writeUnsignedVarint(Short.MAX_VALUE); // set wrong size for tagged field
+ accessor.writeByteArray(taggedField.data());
+
+ accessor.flip();
+
+ String msg = assertThrows(RuntimeException.class, () -> AbstractRequest.
+ parseRequest(SASL_AUTHENTICATE, SASL_AUTHENTICATE.latestVersion(), accessor.buffer())).getMessage();
+ assertEquals("Error reading byte array of 32767 byte(s): only 3 byte(s) available", msg);
+ }
}
diff --git a/clients/src/test/resources/common/message/SimpleArraysMessage.json b/clients/src/test/resources/common/message/SimpleArraysMessage.json
new file mode 100644
index 00000000000..76dc283b6a7
--- /dev/null
+++ b/clients/src/test/resources/common/message/SimpleArraysMessage.json
@@ -0,0 +1,29 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+{
+ "name": "SimpleArraysMessage",
+ "type": "header",
+ "validVersions": "0-2",
+ "flexibleVersions": "1+",
+ "fields": [
+ { "name": "Goats", "type": "[]StructArray", "versions": "1+",
+ "fields": [
+ { "name": "Color", "type": "int8", "versions": "1+"},
+ { "name": "Name", "type": "string", "versions": "2+"}
+ ]
+ },
+ { "name": "Sheep", "type": "[]int32", "versions": "0+" }
+ ]
+}
diff --git a/core/src/main/scala/kafka/tools/TestRaftServer.scala b/core/src/main/scala/kafka/tools/TestRaftServer.scala
index a72784c469a..ef97b6ccdaa 100644
--- a/core/src/main/scala/kafka/tools/TestRaftServer.scala
+++ b/core/src/main/scala/kafka/tools/TestRaftServer.scala
@@ -299,11 +299,7 @@ object TestRaftServer extends Logging {
out.writeByteArray(data)
}
- override def read(input: protocol.Readable, size: Int): Array[Byte] = {
- val data = new Array[Byte](size)
- input.readArray(data)
- data
- }
+ override def read(input: protocol.Readable, size: Int): Array[Byte] = input.readArray(size)
}
private class LatencyHistogram(
diff --git a/core/src/test/scala/kafka/raft/KafkaMetadataLogTest.scala b/core/src/test/scala/kafka/raft/KafkaMetadataLogTest.scala
index 99b4f817be4..fa9885e3583 100644
--- a/core/src/test/scala/kafka/raft/KafkaMetadataLogTest.scala
+++ b/core/src/test/scala/kafka/raft/KafkaMetadataLogTest.scala
@@ -1010,11 +1010,7 @@ object KafkaMetadataLogTest {
override def write(data: Array[Byte], serializationCache: ObjectSerializationCache, out: Writable): Unit = {
out.writeByteArray(data)
}
- override def read(input: protocol.Readable, size: Int): Array[Byte] = {
- val array = new Array[Byte](size)
- input.readArray(array)
- array
- }
+ override def read(input: protocol.Readable, size: Int): Array[Byte] = input.readArray(size)
}
val DefaultMetadataLogConfig = MetadataLogConfig(
diff --git a/generator/src/main/java/org/apache/kafka/message/MessageDataGenerator.java b/generator/src/main/java/org/apache/kafka/message/MessageDataGenerator.java
index 235667480cc..45188fa8109 100644
--- a/generator/src/main/java/org/apache/kafka/message/MessageDataGenerator.java
+++ b/generator/src/main/java/org/apache/kafka/message/MessageDataGenerator.java
@@ -612,8 +612,7 @@ public final class MessageDataGenerator implements MessageClassGenerator {
buffer.printf("%s_readable.readByteBuffer(%s)%s",
assignmentPrefix, lengthVar, assignmentSuffix);
} else {
- buffer.printf("byte[] newBytes = new byte[%s];%n", lengthVar);
- buffer.printf("_readable.readArray(newBytes);%n");
+ buffer.printf("byte[] newBytes = _readable.readArray(%s);%n", lengthVar);
buffer.printf("%snewBytes%s", assignmentPrefix, assignmentSuffix);
}
} else if (type.isRecords()) {
@@ -621,6 +620,12 @@ public final class MessageDataGenerator implements MessageClassGenerator {
assignmentPrefix, lengthVar, assignmentSuffix);
} else if (type.isArray()) {
FieldType.ArrayType arrayType = (FieldType.ArrayType) type;
+ buffer.printf("if (%s > _readable.remaining()) {%n", lengthVar);
+ buffer.incrementIndent();
+ buffer.printf("throw new RuntimeException(\"Tried to allocate a collection of size \" + %s + \", but " +
+ "there are only \" + _readable.remaining() + \" bytes remaining.\");%n", lengthVar);
+ buffer.decrementIndent();
+ buffer.printf("}%n");
if (isStructArrayWithKeys) {
headerGenerator.addImport(MessageGenerator.IMPLICIT_LINKED_HASH_MULTI_COLLECTION_CLASS);
buffer.printf("%s newCollection = new %s(%s);%n",
diff --git a/raft/src/main/java/org/apache/kafka/raft/internals/RecordsIterator.java b/raft/src/main/java/org/apache/kafka/raft/internals/RecordsIterator.java
index ff415aa72ad..efb1d69a34f 100644
--- a/raft/src/main/java/org/apache/kafka/raft/internals/RecordsIterator.java
+++ b/raft/src/main/java/org/apache/kafka/raft/internals/RecordsIterator.java
@@ -16,6 +16,7 @@
*/
package org.apache.kafka.raft.internals;
+import java.io.DataInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.ByteBuffer;
@@ -25,14 +26,16 @@ import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Optional;
-import org.apache.kafka.common.protocol.DataInputStreamReadable;
-import org.apache.kafka.common.protocol.Readable;
+
+import org.apache.kafka.common.protocol.ByteBufferAccessor;
import org.apache.kafka.common.record.DefaultRecordBatch;
import org.apache.kafka.common.record.FileRecords;
import org.apache.kafka.common.record.MemoryRecords;
import org.apache.kafka.common.record.MutableRecordBatch;
import org.apache.kafka.common.record.Records;
import org.apache.kafka.common.utils.BufferSupplier;
+import org.apache.kafka.common.utils.ByteUtils;
+import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.raft.Batch;
import org.apache.kafka.server.common.serialization.RecordSerde;
@@ -53,6 +56,13 @@ public final class RecordsIterator<T> implements Iterator<Batch<T>>, AutoCloseab
private int bytesRead = 0;
private boolean isClosed = false;
+ /**
+ * This class provides an iterator over records retrieved via the raft client or from a snapshot
+ * @param records the records
+ * @param serde the serde to deserialize records
+ * @param bufferSupplier the buffer supplier implementation to allocate buffers when reading records. This must return ByteBuffer allocated on the heap
+ * @param batchSize the maximum batch size
+ */
public RecordsIterator(
Records records,
RecordSerde<T> serde,
@@ -99,7 +109,7 @@ public final class RecordsIterator<T> implements Iterator<Batch<T>>, AutoCloseab
private void ensureOpen() {
if (isClosed) {
- throw new IllegalStateException("Serde record batch itererator was closed");
+ throw new IllegalStateException("Serde record batch iterator was closed");
}
}
@@ -205,11 +215,14 @@ public final class RecordsIterator<T> implements Iterator<Batch<T>>, AutoCloseab
}
List<T> records = new ArrayList<>(numRecords);
- try (DataInputStreamReadable input = new DataInputStreamReadable(batch.recordInputStream(bufferSupplier))) {
+ DataInputStream input = new DataInputStream(batch.recordInputStream(bufferSupplier));
+ try {
for (int i = 0; i < numRecords; i++) {
- T record = readRecord(input);
+ T record = readRecord(input, batch.sizeInBytes());
records.add(record);
}
+ } finally {
+ Utils.closeQuietly(input, "DataInputStream");
}
result = Batch.data(
@@ -224,39 +237,74 @@ public final class RecordsIterator<T> implements Iterator<Batch<T>>, AutoCloseab
return result;
}
- private T readRecord(Readable input) {
+ private T readRecord(DataInputStream stream, int totalBatchSize) {
// Read size of body in bytes
- input.readVarint();
+ int size;
+ try {
+ size = ByteUtils.readVarint(stream);
+ } catch (IOException e) {
+ throw new UncheckedIOException("Unable to read record size", e);
+ }
+ if (size <= 0) {
+ throw new RuntimeException("Invalid non-positive frame size: " + size);
+ }
+ if (size > totalBatchSize) {
+ throw new RuntimeException("Specified frame size, " + size + ", is larger than the entire size of the " +
+ "batch, which is " + totalBatchSize);
+ }
+ ByteBuffer buf = bufferSupplier.get(size);
- // Read unused attributes
- input.readByte();
+ // The last byte of the buffer is reserved for a varint set to the number of record headers, which
+ // must be 0. Therefore, we set the ByteBuffer limit to size - 1.
+ buf.limit(size - 1);
- long timestampDelta = input.readVarlong();
- if (timestampDelta != 0) {
- throw new IllegalArgumentException();
+ try {
+ int bytesRead = stream.read(buf.array(), 0, size);
+ if (bytesRead != size) {
+ throw new RuntimeException("Unable to read " + size + " bytes, only read " + bytesRead);
+ }
+ } catch (IOException e) {
+ throw new UncheckedIOException("Failed to read record bytes", e);
}
+ try {
+ ByteBufferAccessor input = new ByteBufferAccessor(buf);
- // Read offset delta
- input.readVarint();
+ // Read unused attributes
+ input.readByte();
- int keySize = input.readVarint();
- if (keySize != -1) {
- throw new IllegalArgumentException("Unexpected key size " + keySize);
- }
+ long timestampDelta = input.readVarlong();
+ if (timestampDelta != 0) {
+ throw new IllegalArgumentException("Got timestamp delta of " + timestampDelta + ", but this is invalid because it " +
+ "is not 0 as expected.");
+ }
- int valueSize = input.readVarint();
- if (valueSize < 0) {
- throw new IllegalArgumentException();
- }
+ // Read offset delta
+ input.readVarint();
- // Read the metadata record body from the file input reader
- T record = serde.read(input, valueSize);
+ int keySize = input.readVarint();
+ if (keySize != -1) {
+ throw new IllegalArgumentException("Got key size of " + keySize + ", but this is invalid because it " +
+ "is not -1 as expected.");
+ }
- int numHeaders = input.readVarint();
- if (numHeaders != 0) {
- throw new IllegalArgumentException();
- }
+ int valueSize = input.readVarint();
+ if (valueSize < 1) {
+ throw new IllegalArgumentException("Got payload size of " + valueSize + ", but this is invalid because " +
+ "it is less than 1.");
+ }
+
+ // Read the metadata record body from the file input reader
+ T record = serde.read(input, valueSize);
- return record;
+ // Read the number of headers. Currently, this must be a single byte set to 0.
+ int numHeaders = buf.array()[size - 1];
+ if (numHeaders != 0) {
+ throw new IllegalArgumentException("Got numHeaders of " + numHeaders + ", but this is invalid because " +
+ "it is not 0 as expected.");
+ }
+ return record;
+ } finally {
+ bufferSupplier.release(buf);
+ }
}
}
diff --git a/raft/src/main/java/org/apache/kafka/raft/internals/StringSerde.java b/raft/src/main/java/org/apache/kafka/raft/internals/StringSerde.java
index c2a011a687d..15475be319f 100644
--- a/raft/src/main/java/org/apache/kafka/raft/internals/StringSerde.java
+++ b/raft/src/main/java/org/apache/kafka/raft/internals/StringSerde.java
@@ -40,8 +40,7 @@ public class StringSerde implements RecordSerde<String> {
@Override
public String read(Readable input, int size) {
- byte[] data = new byte[size];
- input.readArray(data);
+ byte[] data = input.readArray(size);
return Utils.utf8(data);
}
[kafka] 02/02: MINOR: Add configurable max receive size for SASL authentication requests
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
commit 5587c65fd3c5c7f28b459e1c8589ca7cc8b52409
Author: Manikumar Reddy <ma...@gmail.com>
AuthorDate: Mon May 16 19:25:02 2022 +0530
MINOR: Add configurable max receive size for SASL authentication requests
This adds a new configuration `sasl.server.max.receive.size` that sets the maximum receive size for requests before and during authentication.
Reviewers: Tom Bentley <tb...@redhat.com>, Mickael Maison <mi...@gmail.com>
Co-authored-by: Manikumar Reddy <ma...@gmail.com>
Co-authored-by: Mickael Maison <mi...@gmail.com>
---
checkstyle/suppressions.xml | 2 +
.../config/internals/BrokerSecurityConfigs.java | 6 +++
.../authenticator/SaslServerAuthenticator.java | 16 ++++++--
.../kafka/common/security/TestSecurityConfig.java | 2 +
.../authenticator/SaslAuthenticatorTest.java | 46 ++++++++++++++++++++++
.../authenticator/SaslServerAuthenticatorTest.java | 6 +--
core/src/main/scala/kafka/server/KafkaConfig.scala | 4 ++
.../scala/unit/kafka/server/KafkaConfigTest.scala | 2 +
8 files changed, 77 insertions(+), 7 deletions(-)
diff --git a/checkstyle/suppressions.xml b/checkstyle/suppressions.xml
index 55fcd1a9e53..7c32223961b 100644
--- a/checkstyle/suppressions.xml
+++ b/checkstyle/suppressions.xml
@@ -49,6 +49,8 @@
files="(Fetcher|Sender|SenderTest|ConsumerCoordinator|KafkaConsumer|KafkaProducer|Utils|TransactionManager|TransactionManagerTest|KafkaAdminClient|NetworkClient|Admin|KafkaRaftClient|KafkaRaftClientTest|RaftClientTestContext).java"/>
<suppress checks="ClassFanOutComplexity"
files="(SaslServerAuthenticator|SaslAuthenticatorTest).java"/>
+ <suppress checks="NPath"
+ files="SaslServerAuthenticator.java"/>
<suppress checks="ClassFanOutComplexity"
files="Errors.java"/>
<suppress checks="ClassFanOutComplexity"
diff --git a/clients/src/main/java/org/apache/kafka/common/config/internals/BrokerSecurityConfigs.java b/clients/src/main/java/org/apache/kafka/common/config/internals/BrokerSecurityConfigs.java
index 0b90da8f800..8b7a9649c2c 100644
--- a/clients/src/main/java/org/apache/kafka/common/config/internals/BrokerSecurityConfigs.java
+++ b/clients/src/main/java/org/apache/kafka/common/config/internals/BrokerSecurityConfigs.java
@@ -36,6 +36,8 @@ public class BrokerSecurityConfigs {
public static final String SASL_SERVER_CALLBACK_HANDLER_CLASS = "sasl.server.callback.handler.class";
public static final String SSL_PRINCIPAL_MAPPING_RULES_CONFIG = "ssl.principal.mapping.rules";
public static final String CONNECTIONS_MAX_REAUTH_MS = "connections.max.reauth.ms";
+ public static final int DEFAULT_SASL_SERVER_MAX_RECEIVE_SIZE = 524288;
+ public static final String SASL_SERVER_MAX_RECEIVE_SIZE_CONFIG = "sasl.server.max.receive.size";
public static final String PRINCIPAL_BUILDER_CLASS_DOC = "The fully qualified name of a class that implements the " +
"KafkaPrincipalBuilder interface, which is used to build the KafkaPrincipal object used during " +
@@ -89,4 +91,8 @@ public class BrokerSecurityConfigs {
+ "The broker will disconnect any such connection that is not re-authenticated within the session lifetime and that is then subsequently "
+ "used for any purpose other than re-authentication. Configuration names can optionally be prefixed with listener prefix and SASL "
+ "mechanism name in lower-case. For example, listener.name.sasl_ssl.oauthbearer.connections.max.reauth.ms=3600000";
+
+ public static final String SASL_SERVER_MAX_RECEIVE_SIZE_DOC = "The maximum receive size allowed before and during initial SASL authentication." +
+ " Default receive size is 512KB. GSSAPI limits requests to 64K, but we allow upto 512KB by default for custom SASL mechanisms. In practice," +
+ " PLAIN, SCRAM and OAUTH mechanisms can use much smaller limits.";
}
diff --git a/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticator.java b/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticator.java
index 019723b6b40..51b02952a62 100644
--- a/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticator.java
+++ b/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticator.java
@@ -27,6 +27,7 @@ import org.apache.kafka.common.errors.UnsupportedSaslMechanismException;
import org.apache.kafka.common.errors.UnsupportedVersionException;
import org.apache.kafka.common.message.SaslAuthenticateResponseData;
import org.apache.kafka.common.message.SaslHandshakeResponseData;
+import org.apache.kafka.common.network.InvalidReceiveException;
import org.apache.kafka.common.network.Authenticator;
import org.apache.kafka.common.network.ByteBufferSend;
import org.apache.kafka.common.network.ChannelBuilders;
@@ -88,8 +89,6 @@ import java.util.Optional;
import java.util.function.Supplier;
public class SaslServerAuthenticator implements Authenticator {
- // GSSAPI limits requests to 64K, but we allow a bit extra for custom SASL mechanisms
- static final int MAX_RECEIVE_SIZE = 524288;
private static final Logger LOG = LoggerFactory.getLogger(SaslServerAuthenticator.class);
/**
@@ -140,6 +139,7 @@ public class SaslServerAuthenticator implements Authenticator {
private String saslMechanism;
// buffers used in `authenticate`
+ private Integer saslAuthRequestMaxReceiveSize;
private NetworkReceive netInBuffer;
private Send netOutBuffer;
private Send authenticationFailureSend = null;
@@ -189,6 +189,10 @@ public class SaslServerAuthenticator implements Authenticator {
// Note that the old principal builder does not support SASL, so we do not need to pass the
// authenticator or the transport layer
this.principalBuilder = ChannelBuilders.createPrincipalBuilder(configs, kerberosNameParser, null);
+
+ saslAuthRequestMaxReceiveSize = (Integer) configs.get(BrokerSecurityConfigs.SASL_SERVER_MAX_RECEIVE_SIZE_CONFIG);
+ if (saslAuthRequestMaxReceiveSize == null)
+ saslAuthRequestMaxReceiveSize = BrokerSecurityConfigs.DEFAULT_SASL_SERVER_MAX_RECEIVE_SIZE;
}
private void createSaslServer(String mechanism) throws IOException {
@@ -252,9 +256,13 @@ public class SaslServerAuthenticator implements Authenticator {
}
// allocate on heap (as opposed to any socket server memory pool)
- if (netInBuffer == null) netInBuffer = new NetworkReceive(MAX_RECEIVE_SIZE, connectionId);
+ if (netInBuffer == null) netInBuffer = new NetworkReceive(saslAuthRequestMaxReceiveSize, connectionId);
- netInBuffer.readFrom(transportLayer);
+ try {
+ netInBuffer.readFrom(transportLayer);
+ } catch (InvalidReceiveException e) {
+ throw new SaslAuthenticationException("Failing SASL authentication due to invalid receive size", e);
+ }
if (!netInBuffer.complete())
return;
netInBuffer.payload().rewind();
diff --git a/clients/src/test/java/org/apache/kafka/common/security/TestSecurityConfig.java b/clients/src/test/java/org/apache/kafka/common/security/TestSecurityConfig.java
index 07cbb7856dd..197151f5fbc 100644
--- a/clients/src/test/java/org/apache/kafka/common/security/TestSecurityConfig.java
+++ b/clients/src/test/java/org/apache/kafka/common/security/TestSecurityConfig.java
@@ -38,6 +38,8 @@ public class TestSecurityConfig extends AbstractConfig {
null, Importance.MEDIUM, BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_DOC)
.define(BrokerSecurityConfigs.CONNECTIONS_MAX_REAUTH_MS, Type.LONG, 0L, Importance.MEDIUM,
BrokerSecurityConfigs.CONNECTIONS_MAX_REAUTH_MS_DOC)
+ .define(BrokerSecurityConfigs.SASL_SERVER_MAX_RECEIVE_SIZE_CONFIG, Type.INT, BrokerSecurityConfigs.DEFAULT_SASL_SERVER_MAX_RECEIVE_SIZE,
+ Importance.LOW, BrokerSecurityConfigs.SASL_SERVER_MAX_RECEIVE_SIZE_DOC)
.withClientSslSupport()
.withClientSaslSupport();
diff --git a/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslAuthenticatorTest.java b/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslAuthenticatorTest.java
index 988a0f28232..40a27935f3f 100644
--- a/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslAuthenticatorTest.java
+++ b/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslAuthenticatorTest.java
@@ -212,6 +212,52 @@ public class SaslAuthenticatorTest {
checkAuthenticationAndReauthentication(securityProtocol, node);
}
+ /**
+ * Test SASL/PLAIN with sasl.authentication.max.receive.size config
+ */
+ @Test
+ public void testSaslAuthenticationMaxReceiveSize() throws Exception {
+ SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
+ configureMechanisms("PLAIN", Collections.singletonList("PLAIN"));
+
+ // test auth with 1KB receive size
+ saslServerConfigs.put(BrokerSecurityConfigs.SASL_SERVER_MAX_RECEIVE_SIZE_CONFIG, "1024");
+ server = createEchoServer(securityProtocol);
+
+ // test valid sasl authentication
+ String node1 = "valid";
+ checkAuthenticationAndReauthentication(securityProtocol, node1);
+
+ // test with handshake request with large mechanism string
+ byte[] bytes = new byte[1024];
+ new Random().nextBytes(bytes);
+ String mechanism = new String(bytes, StandardCharsets.UTF_8);
+ String node2 = "invalid1";
+ createClientConnection(SecurityProtocol.PLAINTEXT, node2);
+ SaslHandshakeRequest handshakeRequest = buildSaslHandshakeRequest(mechanism, ApiKeys.SASL_HANDSHAKE.latestVersion());
+ RequestHeader header = new RequestHeader(ApiKeys.SASL_HANDSHAKE, handshakeRequest.version(), "someclient", nextCorrelationId++);
+ NetworkSend send = new NetworkSend(node2, handshakeRequest.toSend(header));
+ selector.send(send);
+ //we will get exception in server and connection gets closed.
+ NetworkTestUtils.waitForChannelClose(selector, node2, ChannelState.READY.state());
+ selector.close();
+
+ String node3 = "invalid2";
+ createClientConnection(SecurityProtocol.PLAINTEXT, node3);
+ sendHandshakeRequestReceiveResponse(node3, ApiKeys.SASL_HANDSHAKE.latestVersion());
+
+ // test with sasl authenticate request with large auth_byes string
+ String authString = "\u0000" + TestJaasConfig.USERNAME + "\u0000" + new String(bytes, StandardCharsets.UTF_8);
+ ByteBuffer authBuf = ByteBuffer.wrap(Utils.utf8(authString));
+ SaslAuthenticateRequestData data = new SaslAuthenticateRequestData().setAuthBytes(authBuf.array());
+ SaslAuthenticateRequest request = new SaslAuthenticateRequest.Builder(data).build();
+ header = new RequestHeader(ApiKeys.SASL_AUTHENTICATE, request.version(), "someclient", nextCorrelationId++);
+ send = new NetworkSend(node3, request.toSend(header));
+ selector.send(send);
+ NetworkTestUtils.waitForChannelClose(selector, node3, ChannelState.READY.state());
+ server.verifyAuthenticationMetrics(1, 2);
+ }
+
/**
* Tests that SASL/PLAIN clients with invalid password fail authentication.
*/
diff --git a/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticatorTest.java b/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticatorTest.java
index 50696ecf051..b0dec3e522a 100644
--- a/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticatorTest.java
+++ b/clients/src/test/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticatorTest.java
@@ -18,6 +18,7 @@ package org.apache.kafka.common.security.authenticator;
import org.apache.kafka.common.config.internals.BrokerSecurityConfigs;
import org.apache.kafka.common.errors.IllegalSaslStateException;
+import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.message.ApiMessageType;
import org.apache.kafka.common.message.SaslAuthenticateRequestData;
import org.apache.kafka.common.message.SaslHandshakeRequestData;
@@ -25,7 +26,6 @@ import org.apache.kafka.common.network.ChannelBuilders;
import org.apache.kafka.common.network.ChannelMetadataRegistry;
import org.apache.kafka.common.network.ClientInformation;
import org.apache.kafka.common.network.DefaultChannelMetadataRegistry;
-import org.apache.kafka.common.network.InvalidReceiveException;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.network.TransportLayer;
import org.apache.kafka.common.protocol.ApiKeys;
@@ -96,10 +96,10 @@ public class SaslServerAuthenticatorTest {
SCRAM_SHA_256.mechanismName(), new DefaultChannelMetadataRegistry());
when(transportLayer.read(any(ByteBuffer.class))).then(invocation -> {
- invocation.<ByteBuffer>getArgument(0).putInt(SaslServerAuthenticator.MAX_RECEIVE_SIZE + 1);
+ invocation.<ByteBuffer>getArgument(0).putInt(BrokerSecurityConfigs.DEFAULT_SASL_SERVER_MAX_RECEIVE_SIZE + 1);
return 4;
});
- assertThrows(InvalidReceiveException.class, authenticator::authenticate);
+ assertThrows(SaslAuthenticationException.class, authenticator::authenticate);
verify(transportLayer).read(any(ByteBuffer.class));
}
diff --git a/core/src/main/scala/kafka/server/KafkaConfig.scala b/core/src/main/scala/kafka/server/KafkaConfig.scala
index 30d12f91883..caf9a7f682a 100755
--- a/core/src/main/scala/kafka/server/KafkaConfig.scala
+++ b/core/src/main/scala/kafka/server/KafkaConfig.scala
@@ -262,6 +262,7 @@ object Defaults {
/** ********* General Security configuration ***********/
val ConnectionsMaxReauthMsDefault = 0L
+ val DefaultServerMaxMaxReceiveSize = BrokerSecurityConfigs.DEFAULT_SASL_SERVER_MAX_RECEIVE_SIZE
val DefaultPrincipalSerde = classOf[DefaultKafkaPrincipalBuilder]
/** ********* Sasl configuration ***********/
@@ -575,6 +576,7 @@ object KafkaConfig {
/** ******** Common Security Configuration *************/
val PrincipalBuilderClassProp = BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_CONFIG
val ConnectionsMaxReauthMsProp = BrokerSecurityConfigs.CONNECTIONS_MAX_REAUTH_MS
+ val SaslServerMaxReceiveSizeProp = BrokerSecurityConfigs.SASL_SERVER_MAX_RECEIVE_SIZE_CONFIG
val securityProviderClassProp = SecurityConfig.SECURITY_PROVIDERS_CONFIG
/** ********* SSL Configuration ****************/
@@ -1027,6 +1029,7 @@ object KafkaConfig {
/** ******** Common Security Configuration *************/
val PrincipalBuilderClassDoc = BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_DOC
val ConnectionsMaxReauthMsDoc = BrokerSecurityConfigs.CONNECTIONS_MAX_REAUTH_MS_DOC
+ val SaslServerMaxReceiveSizeDoc = BrokerSecurityConfigs.SASL_SERVER_MAX_RECEIVE_SIZE_DOC
val securityProviderClassDoc = SecurityConfig.SECURITY_PROVIDERS_DOC
/** ********* SSL Configuration ****************/
@@ -1338,6 +1341,7 @@ object KafkaConfig {
/** ********* General Security Configuration ****************/
.define(ConnectionsMaxReauthMsProp, LONG, Defaults.ConnectionsMaxReauthMsDefault, MEDIUM, ConnectionsMaxReauthMsDoc)
+ .define(SaslServerMaxReceiveSizeProp, INT, Defaults.DefaultServerMaxMaxReceiveSize, MEDIUM, SaslServerMaxReceiveSizeDoc)
.define(securityProviderClassProp, STRING, null, LOW, securityProviderClassDoc)
/** ********* SSL Configuration ****************/
diff --git a/core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala b/core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala
index ee638ba893d..78adff5f8fc 100755
--- a/core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala
+++ b/core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala
@@ -946,6 +946,8 @@ class KafkaConfigTest {
case KafkaConfig.KafkaMetricsReporterClassesProp => // ignore
case KafkaConfig.KafkaMetricsPollingIntervalSecondsProp => //ignore
+ case KafkaConfig.SaslServerMaxReceiveSizeProp => assertPropertyInvalid(baseProperties, name, "not_a_number")
+
// Raft Quorum Configs
case RaftConfig.QUORUM_VOTERS_CONFIG => // ignore string
case RaftConfig.QUORUM_ELECTION_TIMEOUT_MS_CONFIG => assertPropertyInvalid(baseProperties, name, "not_a_number")