You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Dmitry Pavlov (Jira)" <ji...@apache.org> on 2022/08/16 13:47:00 UTC

[jira] [Updated] (IGNITE-15921) Vulnerability in thin client protocol leads to OOM

     [ https://issues.apache.org/jira/browse/IGNITE-15921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dmitry Pavlov updated IGNITE-15921:
-----------------------------------
    Labels: ise ise.lts  (was: ise.lts)

> Vulnerability in thin client protocol leads to OOM
> --------------------------------------------------
>
>                 Key: IGNITE-15921
>                 URL: https://issues.apache.org/jira/browse/IGNITE-15921
>             Project: Ignite
>          Issue Type: Improvement
>          Components: thin client
>    Affects Versions: 2.11
>            Reporter: Ilya Kazakov
>            Assignee: Pavel Tupitsyn
>            Priority: Critical
>              Labels: ise, ise.lts
>             Fix For: 2.13
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> As thin client protocol interprets first 4 bytes as message size and allocate array for it. Any "big" 4 bytes sent on thin client port could leads to OOM.
> Some ideas to resolve:
>  - print WARN in case of big client message
>  - allocate array not for all message, but allocate it gradually.
>  - read more then first4 bytes to understand is it real client message, or it is some trash.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)