Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2022/07/10 00:04:55 UTC

[GitHub] [kafka] dpcollins-google opened a new pull request, #12399: KAFKA-14063: Prevent malicious tiny payloads from causing OOMs with variably sized collections

dpcollins-google opened a new pull request, #12399:
URL: https://github.com/apache/kafka/pull/12399

   When parsing code receives a payload for a variable length field where the length is specified in the code as some arbitrarily large number (assume INT32_MAX for example) this will immediately try to allocate an ArrayList to hold this many elements, before checking whether this is a reasonable array size given the available data. 
   
   The fix for this is to instead throw a runtime exception if the length of a variably sized container exceeds the amount of remaining data. Then, the worst a user can do is force the server to allocate 8x the size of the actual delivered data (if they claim there are N elements for a container of Objects (i.e. not a byte string) and each Object bottoms out in an 8 byte pointer in the ArrayList's backing array).
   
   This was identified by fuzzing the kafka request parsing code.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
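A self-contained illustration of the pattern the PR describes, written for this page and not taken from the Kafka code base or from the PR's diff: a length-prefixed array parser in the vulnerable shape (the claimed element count sizes the `ArrayList` before any element is read) beside the hardened shape (the count is rejected if it exceeds the bytes remaining, so the largest possible over-allocation is one reference slot per delivered byte). The class name, method names, `MalformedLengthException`, and the int32-count / int16-length wire layout are all hypothetical, chosen only to make the example runnable; the payloads in `main` are constructed inline.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class BoundedCollectionParsing {

    /** Hypothetical exception type: a claimed length cannot be backed by the bytes still in the buffer. */
    public static class MalformedLengthException extends RuntimeException {
        MalformedLengthException(String msg) { super(msg); }
    }

    // Vulnerable shape (hypothetical, mirrors the pattern the PR describes): the claimed
    // element count sizes the ArrayList before a single element is read, so a 4-byte
    // payload claiming Integer.MAX_VALUE elements drives a multi-gigabyte backing-array
    // allocation (typically an OutOfMemoryError) before the loop ever fails on missing data.
    static List<String> readStringArrayUnchecked(ByteBuffer buf) {
        int count = buf.getInt();
        List<String> out = new ArrayList<>(count);   // allocation happens here, unbounded
        for (int i = 0; i < count; i++) {
            out.add(readString(buf));
        }
        return out;
    }

    // Hardened shape: every element occupies at least one byte on the wire, so a count larger
    // than the bytes remaining cannot be honest. Reject it before allocating; an accepted count
    // can now cost at most one reference slot per remaining byte, which is the bound the PR cites.
    static List<String> readStringArrayChecked(ByteBuffer buf) {
        int count = buf.getInt();
        if (count < 0) {
            throw new MalformedLengthException("negative array length " + count);
        }
        if (count > buf.remaining()) {
            throw new MalformedLengthException("claimed " + count + " elements but only "
                    + buf.remaining() + " bytes remain");
        }
        List<String> out = new ArrayList<>(count);
        for (int i = 0; i < count; i++) {
            out.add(readString(buf));
        }
        return out;
    }

    // Length-prefixed string: int16 length followed by UTF-8 bytes. The same remaining-bytes
    // check is applied to the string length so a byte-string field cannot over-allocate either.
    static String readString(ByteBuffer buf) {
        short len = buf.getShort();
        if (len < 0 || len > buf.remaining()) {
            throw new MalformedLengthException("bad string length " + len);
        }
        byte[] bytes = new byte[len];
        buf.get(bytes);
        return new String(bytes, StandardCharsets.UTF_8);
    }

    // Encoder used only to construct honest test payloads in the same wire layout.
    static ByteBuffer encodeStringArray(List<String> values) {
        int size = 4;
        for (String v : values) size += 2 + v.getBytes(StandardCharsets.UTF_8).length;
        ByteBuffer buf = ByteBuffer.allocate(size);
        buf.putInt(values.size());
        for (String v : values) {
            byte[] b = v.getBytes(StandardCharsets.UTF_8);
            buf.putShort((short) b.length);
            buf.put(b);
        }
        buf.flip();
        return buf;
    }

    public static void main(String[] args) {
        // Constructed honest payload: two short strings; parses normally.
        ByteBuffer honest = encodeStringArray(Arrays.asList("topic-a", "topic-b"));
        System.out.println("parsed: " + readStringArrayChecked(honest));

        // Constructed hostile payload: four bytes claiming Integer.MAX_VALUE elements.
        ByteBuffer hostile = ByteBuffer.allocate(4);
        hostile.putInt(Integer.MAX_VALUE);
        hostile.flip();
        try {
            readStringArrayChecked(hostile.duplicate());
        } catch (MalformedLengthException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // readStringArrayUnchecked(hostile) would reach new ArrayList<>(Integer.MAX_VALUE)
        // before discovering the missing data; that allocation is what the check prevents.
    }
}
```

The check is deliberately placed on the raw count before `new ArrayList<>(count)` rather than inside the read loop: the loop would eventually hit a `BufferUnderflowException` on the hostile payload, but only after the allocation the PR is trying to avoid. A regression test for this class of bug (the kind asked for later in the thread) needs only the four-byte payload above and an assertion that the parser throws instead of allocating.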


[GitHub] [kafka] Hangleton commented on pull request #12399: KAFKA-14063: Prevent malicious tiny payloads from causing OOMs with variably sized collections

Posted by "Hangleton (via GitHub)" <gi...@apache.org>.
Hangleton commented on PR #12399:
URL: https://github.com/apache/kafka/pull/12399#issuecomment-1414383920

   The vulnerability has been addressed by the following commits.
   
   - [Apache Kafka 2.8](https://github.com/apache/kafka/commit/14951a83e3fdead212156e5532359500d72f68bc)
   - [Apache Kafka 3.0](https://github.com/apache/kafka/commit/aaceb6b79bfcb1d32874ccdbc8f3138d1c1c00fb)
   - [Apache Kafka 3.1](https://github.com/apache/kafka/commit/c1295662768e64b4467e27c3d5158f95f2307657)
   - [Apache Kafka 3.2](https://github.com/apache/kafka/commit/2bfa24b2bd416e7b8c4a0c566b984c43904fdecb)
   




[GitHub] [kafka] omkreddy closed pull request #12399: KAFKA-14063: Prevent malicious tiny payloads from causing OOMs with variably sized collections

Posted by "omkreddy (via GitHub)" <gi...@apache.org>.
omkreddy closed pull request #12399: KAFKA-14063: Prevent malicious tiny payloads from causing OOMs with variably sized collections
URL: https://github.com/apache/kafka/pull/12399




[GitHub] [kafka] clolov commented on pull request #12399: KAFKA-14063: Prevent malicious tiny payloads from causing OOMs with variably sized collections

Posted by GitBox <gi...@apache.org>.
clolov commented on PR #12399:
URL: https://github.com/apache/kafka/pull/12399#issuecomment-1180186207

   Hello! This looks like a very interesting find. Could you write a test which tests this?

