You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Luchnikov Alexander (Jira)" <ji...@apache.org> on 2022/05/13 07:58:00 UTC
[jira] [Updated] (IGNITE-15921) Vulnerability in thin client protocol leads to OOM
[ https://issues.apache.org/jira/browse/IGNITE-15921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luchnikov Alexander updated IGNITE-15921:
-----------------------------------------
Labels: ise.lts (was: )
> Vulnerability in thin client protocol leads to OOM
> --------------------------------------------------
>
> Key: IGNITE-15921
> URL: https://issues.apache.org/jira/browse/IGNITE-15921
> Project: Ignite
> Issue Type: Improvement
> Components: thin client
> Affects Versions: 2.11
> Reporter: Ilya Kazakov
> Assignee: Pavel Tupitsyn
> Priority: Critical
> Labels: ise.lts
> Fix For: 2.13
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> As thin client protocol interprets first 4 bytes as message size and allocate array for it. Any "big" 4 bytes sent on thin client port could leads to OOM.
> Some ideas to resolve:
> - print WARN in case of big client message
> - allocate array not for all message, but allocate it gradually.
> - read more then first4 bytes to understand is it real client message, or it is some trash.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)