[THRIFT-2660] Validate the bytes received in TSaslTransport - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.9
Fix Version/s: 0.9.2
Component/s: Java - Library
Labels:
None

Patch Info:

Patch Available

Description

In TSaslTransport#receiveSaslMessage, we are doing two things incorrectly:

Not validating the status byte code.
Not validating the decoded payload size integer before allocating a whole array with it.

The latter especially is bad when a network security software sends a thrift server port some garbage data, causing it to receive failures like:

java.lang.OutOfMemoryError: Java heap space
	at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
	at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
	at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)

Or even,

ERROR org.apache.thrift.server.TThreadPoolServer: Error occurred during processing of message.
java.lang.NegativeArraySizeException
        at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:181)
        at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

THRIFT-2660.patch
12/Aug/14 20:09
4 kB
Harsh J
THRIFT-2660.patch
13/Aug/14 02:49
4 kB
Harsh J

Issue Links

is related to

HIVE-6468 HS2 & Metastore using SASL out of memory error when curl sends a get request

Closed

relates to

THRIFT-2678 Make max message size configurable

Closed

Activity

People

Assignee:: Roger Meier

Reporter:: Harsh J

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 12/Aug/14 20:08

Updated:: 05/Nov/14 04:48

Resolved:: 13/Aug/14 10:38