You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "Dave Watson (JIRA)" <ji...@apache.org> on 2011/09/09 02:22:08 UTC

[jira] [Created] (THRIFT-1337) thrift: support maximum frame size in

 thrift: support maximum frame size in

---------------------------------------

                 Key: THRIFT-1337
                 URL: https://issues.apache.org/jira/browse/THRIFT-1337
             Project: Thrift
          Issue Type: Improvement
          Components: C++ - Library
            Reporter: Dave Watson
            Priority: Minor
         Attachments: 0033-thrift-support-maximum-frame-size-in-TNonblockingSer.patch

>From 0dc0b12d1b00f9036407283315e9019a1f9f3b58 Mon Sep 17 00:00:00 2001
From: Adam Simpkins <si...@fb.com>
Date: Mon, 26 Apr 2010 19:47:59 +0000
Subject: [PATCH 33/33] thrift: support maximum frame size in
 TNonblockingServer

Summary:
This prevents the C++ TNonblockingServer from trying to allocate a giant
buffer when a client sends a huge frame size.  Usually if this occurs,
if is because a client is simply sending garbage data to the server.

For now, it defaults to 256MB.  Hopefully this value is large enough not
to cause problems for legitimate service requests.  Services that do
actually have messages larger than this value will need to update their
code to set a larger value than the default.

Test Plan:
Ran the tests in thrift/lib/cpp/processor/test.
Also ran thrift/lib/cpp/server/test/TNonblockingServerTest.cpp,
and tested sending garbage frame sizes to it.

Revert Plan:
OK

---
 lib/cpp/src/server/TNonblockingServer.cpp |   14 +++++++++++---
 lib/cpp/src/server/TNonblockingServer.h   |   28 ++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 3 deletions(-)



--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (THRIFT-1337) thrift: support maximum frame size in

Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/THRIFT-1337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13167203#comment-13167203 ] 

Hudson commented on THRIFT-1337:
--------------------------------

Integrated in Thrift #360 (See [https://builds.apache.org/job/Thrift/360/])
    THRIFT-1337 support maximum frame size in TNonblockingServer
Patch: Dave Watson

roger : http://svn.apache.org/viewvc/?view=rev&rev=1213052
Files : 
* /thrift/trunk/lib/cpp/src/server/TNonblockingServer.cpp
* /thrift/trunk/lib/cpp/src/server/TNonblockingServer.h

                
>  thrift: support maximum frame size in

> ---------------------------------------
>
>                 Key: THRIFT-1337
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1337
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Library
>            Reporter: Dave Watson
>            Assignee: Roger Meier
>            Priority: Minor
>         Attachments: 0033-thrift-support-maximum-frame-size-in-TNonblockingSer.patch
>
>
> From 0dc0b12d1b00f9036407283315e9019a1f9f3b58 Mon Sep 17 00:00:00 2001
> From: Adam Simpkins <si...@fb.com>
> Date: Mon, 26 Apr 2010 19:47:59 +0000
> Subject: [PATCH 33/33] thrift: support maximum frame size in
>  TNonblockingServer
> Summary:
> This prevents the C++ TNonblockingServer from trying to allocate a giant
> buffer when a client sends a huge frame size.  Usually if this occurs,
> if is because a client is simply sending garbage data to the server.
> For now, it defaults to 256MB.  Hopefully this value is large enough not
> to cause problems for legitimate service requests.  Services that do
> actually have messages larger than this value will need to update their
> code to set a larger value than the default.
> Test Plan:
> Ran the tests in thrift/lib/cpp/processor/test.
> Also ran thrift/lib/cpp/server/test/TNonblockingServerTest.cpp,
> and tested sending garbage frame sizes to it.
> Revert Plan:
> OK
> ---
>  lib/cpp/src/server/TNonblockingServer.cpp |   14 +++++++++++---
>  lib/cpp/src/server/TNonblockingServer.h   |   28 ++++++++++++++++++++++++++++
>  2 files changed, 39 insertions(+), 3 deletions(-)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (THRIFT-1337) thrift: support maximum frame size in

Posted by "Dave Watson (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/THRIFT-1337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dave Watson updated THRIFT-1337:
--------------------------------

    Attachment: 0033-thrift-support-maximum-frame-size-in-TNonblockingSer.patch

>  thrift: support maximum frame size in

> ---------------------------------------
>
>                 Key: THRIFT-1337
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1337
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Library
>            Reporter: Dave Watson
>            Priority: Minor
>         Attachments: 0033-thrift-support-maximum-frame-size-in-TNonblockingSer.patch
>
>
> From 0dc0b12d1b00f9036407283315e9019a1f9f3b58 Mon Sep 17 00:00:00 2001
> From: Adam Simpkins <si...@fb.com>
> Date: Mon, 26 Apr 2010 19:47:59 +0000
> Subject: [PATCH 33/33] thrift: support maximum frame size in
>  TNonblockingServer
> Summary:
> This prevents the C++ TNonblockingServer from trying to allocate a giant
> buffer when a client sends a huge frame size.  Usually if this occurs,
> if is because a client is simply sending garbage data to the server.
> For now, it defaults to 256MB.  Hopefully this value is large enough not
> to cause problems for legitimate service requests.  Services that do
> actually have messages larger than this value will need to update their
> code to set a larger value than the default.
> Test Plan:
> Ran the tests in thrift/lib/cpp/processor/test.
> Also ran thrift/lib/cpp/server/test/TNonblockingServerTest.cpp,
> and tested sending garbage frame sizes to it.
> Revert Plan:
> OK
> ---
>  lib/cpp/src/server/TNonblockingServer.cpp |   14 +++++++++++---
>  lib/cpp/src/server/TNonblockingServer.h   |   28 ++++++++++++++++++++++++++++
>  2 files changed, 39 insertions(+), 3 deletions(-)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (THRIFT-1337) thrift: support maximum frame size in

Posted by "Mike Riley (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/THRIFT-1337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13154314#comment-13154314 ] 

Mike Riley commented on THRIFT-1337:
------------------------------------

I get the feeling that people aren't generally using thrift for a public facing client, though that's what I'm experimenting with it as.  So far this is the only obvious fault resting on thrift's shoulders that I've come across which poses a serious problem assuming you may have malicious clients. It's way too easy for someone to just send a big number (and nothing else!) causing a bad alloc and crashing your server.
                
>  thrift: support maximum frame size in

> ---------------------------------------
>
>                 Key: THRIFT-1337
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1337
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Library
>            Reporter: Dave Watson
>            Priority: Minor
>         Attachments: 0033-thrift-support-maximum-frame-size-in-TNonblockingSer.patch
>
>
> From 0dc0b12d1b00f9036407283315e9019a1f9f3b58 Mon Sep 17 00:00:00 2001
> From: Adam Simpkins <si...@fb.com>
> Date: Mon, 26 Apr 2010 19:47:59 +0000
> Subject: [PATCH 33/33] thrift: support maximum frame size in
>  TNonblockingServer
> Summary:
> This prevents the C++ TNonblockingServer from trying to allocate a giant
> buffer when a client sends a huge frame size.  Usually if this occurs,
> if is because a client is simply sending garbage data to the server.
> For now, it defaults to 256MB.  Hopefully this value is large enough not
> to cause problems for legitimate service requests.  Services that do
> actually have messages larger than this value will need to update their
> code to set a larger value than the default.
> Test Plan:
> Ran the tests in thrift/lib/cpp/processor/test.
> Also ran thrift/lib/cpp/server/test/TNonblockingServerTest.cpp,
> and tested sending garbage frame sizes to it.
> Revert Plan:
> OK
> ---
>  lib/cpp/src/server/TNonblockingServer.cpp |   14 +++++++++++---
>  lib/cpp/src/server/TNonblockingServer.h   |   28 ++++++++++++++++++++++++++++
>  2 files changed, 39 insertions(+), 3 deletions(-)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (THRIFT-1337) thrift: support maximum frame size in

Posted by "Roger Meier (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/THRIFT-1337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Roger Meier resolved THRIFT-1337.
---------------------------------

    Resolution: Fixed
      Assignee: Roger Meier

Thanks Dave!
rebased and committed
-roger

                
>  thrift: support maximum frame size in

> ---------------------------------------
>
>                 Key: THRIFT-1337
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1337
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Library
>            Reporter: Dave Watson
>            Assignee: Roger Meier
>            Priority: Minor
>         Attachments: 0033-thrift-support-maximum-frame-size-in-TNonblockingSer.patch
>
>
> From 0dc0b12d1b00f9036407283315e9019a1f9f3b58 Mon Sep 17 00:00:00 2001
> From: Adam Simpkins <si...@fb.com>
> Date: Mon, 26 Apr 2010 19:47:59 +0000
> Subject: [PATCH 33/33] thrift: support maximum frame size in
>  TNonblockingServer
> Summary:
> This prevents the C++ TNonblockingServer from trying to allocate a giant
> buffer when a client sends a huge frame size.  Usually if this occurs,
> if is because a client is simply sending garbage data to the server.
> For now, it defaults to 256MB.  Hopefully this value is large enough not
> to cause problems for legitimate service requests.  Services that do
> actually have messages larger than this value will need to update their
> code to set a larger value than the default.
> Test Plan:
> Ran the tests in thrift/lib/cpp/processor/test.
> Also ran thrift/lib/cpp/server/test/TNonblockingServerTest.cpp,
> and tested sending garbage frame sizes to it.
> Revert Plan:
> OK
> ---
>  lib/cpp/src/server/TNonblockingServer.cpp |   14 +++++++++++---
>  lib/cpp/src/server/TNonblockingServer.h   |   28 ++++++++++++++++++++++++++++
>  2 files changed, 39 insertions(+), 3 deletions(-)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira