Details
-
Improvement
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.11
-
Fixed potential OOM in thin client protocol handler caused by malicious or garbage data.
-
Docs Required, Release Notes Required
Description
As thin client protocol interprets first 4 bytes as message size and allocate array for it. Any "big" 4 bytes sent on thin client port could leads to OOM.
Some ideas to resolve:
- print WARN in case of big client message
- allocate array not for all message, but allocate it gradually.
- read more then first4 bytes to understand is it real client message, or it is some trash.
Attachments
Issue Links
- is related to
-
IGNITE-15925 Ignite 3: Make thin client protocol more robust
- Open
- links to