[KAFKA-2878] Kafka broker throws OutOfMemory exception with invalid join group request - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.9.0.0
Fix Version/s: 0.9.0.1, 0.10.0.0
Component/s: clients
Labels:
None

Description

Array allocation for join group request doesn't have any checks and hence can result in OutOfMemory exception in the broker. Array size from the request should be validated to avoid DoS attacks on a secure installation of Kafka.

at org/apache/kafka/common/protocol/types/ArrayOf.read(ArrayOf.java:44)
at org/apache/kafka/common/protocol/types/Schema.read(Schema.java:69)
at org/apache/kafka/common/protocol/ProtoUtils.parseRequest(ProtoUtils.java:60)
at org/apache/kafka/common/requests/JoinGroupRequest.parse(JoinGroupRequest.java:144)
at org/apache/kafka/common/requests/AbstractRequest.getRequest(AbstractRequest.java:55)
at kafka/network/RequestChannel$Request.<init>(RequestChannel.scala:78)

Attachments

Activity

People

Assignee:: Rajini Sivaram

Reporter:: Rajini Sivaram

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Nov/15 22:03

Updated:: 18/Feb/16 09:27

Resolved:: 25/Nov/15 16:53