  1. Kafka
  2. KAFKA-3169

Kafka broker throws OutOfMemory error with invalid SASL packet

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.9.0.0
    • Fix Version/s: 0.9.0.1
    • Component/s: security
    • Labels:
      None

      Description

      The receive buffer used in Kafka servers to process SASL packets is unbounded. This can result in brokers crashing with an OutOfMemory error when an invalid SASL packet is received.

      There is a standard SASL property in Java, javax.security.sasl.maxbuffer, that can be used to specify buffer size. When properties are added to the Sasl implementation in KAFKA-3149, we can use the standard property to limit receive buffer size.

      But since this is a potential DoS issue, we should set a reasonable limit in 0.9.0.1.
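
The bounded receive described above, as an added example that is not Kafka's code or the patch for this issue. It assumes a 4-byte big-endian length prefix in front of each SASL token; the class name, the 64 KiB default and the sample inputs are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.security.sasl.Sasl;

public class BoundedSaslReceive {
    // Constructed default for this example, not the limit chosen by the Kafka fix.
    static final int DEFAULT_MAX_RECEIVE = 64 * 1024;

    // Resolve the limit from the standard property
    // (Sasl.MAX_BUFFER is the string "javax.security.sasl.maxbuffer").
    static int maxReceiveSize(Map<String, ?> saslProps) {
        Object value = saslProps.get(Sasl.MAX_BUFFER);
        if (value == null) return DEFAULT_MAX_RECEIVE;
        int size = Integer.parseInt(value.toString());
        if (size <= 0) throw new IllegalArgumentException("maxbuffer must be positive: " + size);
        return size;
    }

    // Read one frame: assumed 4-byte big-endian length, then that many payload bytes.
    static byte[] readFrame(DataInputStream in, int maxSize) throws IOException {
        int size = in.readInt();
        // Check the declared size BEFORE allocating; it comes from an unauthenticated peer.
        if (size < 0 || size > maxSize)
            throw new IOException("Invalid SASL frame size " + size + " (limit " + maxSize + ")");
        byte[] payload = new byte[size];
        in.readFully(payload);
        return payload;
    }

    public static void main(String[] args) throws IOException {
        int limit = maxReceiveSize(Map.of(Sasl.MAX_BUFFER, "65536"));

        // Constructed input 1: a well-formed frame carrying a 5-byte token.
        byte[] ok = ByteBuffer.allocate(9).putInt(5)
                .put("hello".getBytes(StandardCharsets.US_ASCII)).array();
        byte[] token = readFrame(new DataInputStream(new ByteArrayInputStream(ok)), limit);
        System.out.println("accepted token of " + token.length + " bytes");

        // Constructed input 2: non-SASL bytes on the SASL port. The first four bytes
        // decode to a size of over 1 GB, which an unbounded receiver would try to allocate.
        byte[] bad = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        try {
            readFrame(new DataInputStream(new ByteArrayInputStream(bad)), limit);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting the frame with an exception lets the caller close the connection, so a malformed packet costs one socket instead of the broker's heap.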

            People

            • Assignee:
              rsivaram Rajini Sivaram
              Reporter:
              rsivaram Rajini Sivaram
              Reviewer:
              sriharsha chintalapani