Kafka / KAFKA-3169

Kafka broker throws OutOfMemory error with invalid SASL packet


Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 0.9.0.0
    • 0.9.0.1
    • security
    • None

    Description

      Receive buffer used in Kafka servers to process SASL packets is unbounded. This can result in brokers crashing with OutOfMemory error when an invalid SASL packet is received.

      There is a standard SASL property in Java javax.security.sasl.maxbuffer that can be used to specify buffer size. When properties are added to the Sasl implementation in KAFKA-3149, we can use the standard property to limit receive buffer size.

      But since this is a potential DoS issue, we should set a reasonable limit in 0.9.0.1.
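
The kind of bound the description asks for, as an added example that is not Kafka's own code or part of the original issue: a receiver that checks a peer-supplied length against a limit before allocating. The 4-byte length-prefixed framing, the class and method names, and the 64 KiB limit are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class BoundedSaslReceive {
    // Assumed limit for this example; the issue does not state a value.
    static final int MAX_RECEIVE_SIZE = 64 * 1024;

    /** Reads one frame: a 4-byte big-endian length, then that many payload bytes. */
    static byte[] readFrame(DataInputStream in, int maxSize) throws IOException {
        int size = in.readInt();
        // Validate the peer-supplied length BEFORE allocating a buffer for it.
        // An unbounded receiver would call new byte[size] here unconditionally.
        if (size < 0 || size > maxSize) {
            throw new IOException("Invalid receive size " + size + " (limit " + maxSize + ")");
        }
        byte[] payload = new byte[size];
        in.readFully(payload); // EOFException if the peer sends fewer bytes than declared
        return payload;
    }

    static DataInputStream stream(byte[] bytes) {
        return new DataInputStream(new ByteArrayInputStream(bytes));
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a well-formed frame carrying a 5-byte payload.
        byte[] ok = ByteBuffer.allocate(9)
                .putInt(5)
                .put("token".getBytes(StandardCharsets.US_ASCII))
                .array();
        byte[] payload = readFrame(stream(ok), MAX_RECEIVE_SIZE);
        System.out.println("accepted " + payload.length + " bytes");

        // Constructed input: four bytes that decode to a length of about 2 GiB.
        byte[] invalid = {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
        try {
            readFrame(stream(invalid), MAX_RECEIVE_SIZE);
        } catch (IOException e) {
            // The connection can be closed here; no large buffer was allocated.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```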


          People

            rsivaram Rajini Sivaram
            rsivaram Rajini Sivaram
            sriharsha chintalapani sriharsha chintalapani