You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "David Allsopp (Commented) (JIRA)" <ji...@apache.org> on 2011/11/15 13:00:53 UTC

[jira] [Commented] (CASSANDRA-3017) add a Message size limit

    [ https://issues.apache.org/jira/browse/CASSANDRA-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13150408#comment-13150408 ] 

David Allsopp commented on CASSANDRA-3017:
------------------------------------------

In the latest trunk code, at least, isn't it {{bodySize}} not {{totalSize}} that we need to check, to avoid huge buffers? {{totalSize}} is only used to skip spare bytes at the end (could check both, of course).

While we're there, should we also check for negative values (does anything terribly bad happen if the value is negative?).

Could fix typo in the log message ("Ignorning") while you're there!
                
> add a Message size limit
> ------------------------
>
>                 Key: CASSANDRA-3017
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-3017
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Jonathan Ellis
>            Assignee: Ryan King
>            Priority: Minor
>              Labels: lhf
>         Attachments: 0001-use-the-thrift-max-message-size-for-inter-node-messa.patch
>
>
> We protect the server from allocating huge buffers for malformed message with the Thrift frame size (CASSANDRA-475).  But we don't have similar protection for the inter-node Message objects.
> Adding this would be good to deal with malicious adversaries as well as a malfunctioning cluster participant.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira