avro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tomwh...@apache.org
Subject svn commit: r1383365 - in /avro/trunk: CHANGES.txt lang/java/ipc/src/main/java/org/apache/avro/ipc/NettyTransportCodec.java lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServer.java
Date Tue, 11 Sep 2012 11:48:44 GMT
Author: tomwhite
Date: Tue Sep 11 11:48:44 2012
New Revision: 1383365

URL: http://svn.apache.org/viewvc?rev=1383365&view=rev
Log:
AVRO-1111. Malformed data can cause OutOfMemoryError in Avro IPC. Contributed by Mike Percy.

Modified:
    avro/trunk/CHANGES.txt
    avro/trunk/lang/java/ipc/src/main/java/org/apache/avro/ipc/NettyTransportCodec.java
    avro/trunk/lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServer.java

Modified: avro/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/avro/trunk/CHANGES.txt?rev=1383365&r1=1383364&r2=1383365&view=diff
==============================================================================
--- avro/trunk/CHANGES.txt (original)
+++ avro/trunk/CHANGES.txt Tue Sep 11 11:48:44 2012
@@ -37,6 +37,9 @@ Avro 1.7.2 (unreleased)
 
     AVRO-1152. Java: Fix TestTraceSingletons for Java 7. (cutting)
 
+    AVRO-1111. Malformed data can cause OutOfMemoryError in Avro IPC.
+    (Mike Percy via tomwhite)
+
 Avro 1.7.1 (16 July 2012)
 
   NEW FEATURES

Modified: avro/trunk/lang/java/ipc/src/main/java/org/apache/avro/ipc/NettyTransportCodec.java
URL: http://svn.apache.org/viewvc/avro/trunk/lang/java/ipc/src/main/java/org/apache/avro/ipc/NettyTransportCodec.java?rev=1383365&r1=1383364&r2=1383365&view=diff
==============================================================================
--- avro/trunk/lang/java/ipc/src/main/java/org/apache/avro/ipc/NettyTransportCodec.java (original)
+++ avro/trunk/lang/java/ipc/src/main/java/org/apache/avro/ipc/NettyTransportCodec.java Tue
Sep 11 11:48:44 2012
@@ -21,6 +21,7 @@ package org.apache.avro.ipc;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.List;
+import org.apache.avro.AvroRuntimeException;
 
 import org.jboss.netty.buffer.ChannelBuffer;
 import org.jboss.netty.buffer.ChannelBuffers;
@@ -119,6 +120,13 @@ public class NettyTransportCodec {
     private boolean packHeaderRead = false;
     private int listSize;
     private NettyDataPack dataPack;
+    private final long maxMem;
+    private static final long SIZEOF_REF = 8L; // mem usage of 64-bit pointer
+
+
+    public NettyFrameDecoder() {
+      maxMem = Runtime.getRuntime().maxMemory();
+    }
     
     /**
      * decode buffer to NettyDataPack
@@ -150,8 +158,19 @@ public class NettyTransportCodec {
       }
 
       int serial = buffer.readInt();
-      listSize = buffer.readInt();
+      int listSize = buffer.readInt();
+
+      // Sanity check to reduce likelihood of invalid requests being honored.
+      // Only allow 10% of available memory to go towards this list (too much!)
+      if (listSize * SIZEOF_REF > 0.1 * maxMem) {
+        channel.close().await();
+        throw new AvroRuntimeException("Excessively large list allocation " +
+            "request detected: " + listSize + " items! Connection closed.");
+      }
+
+      this.listSize = listSize;
       dataPack = new NettyDataPack(serial, new ArrayList<ByteBuffer>(listSize));
+
       return true;
     }
     

Modified: avro/trunk/lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServer.java
URL: http://svn.apache.org/viewvc/avro/trunk/lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServer.java?rev=1383365&r1=1383364&r2=1383365&view=diff
==============================================================================
--- avro/trunk/lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServer.java (original)
+++ avro/trunk/lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServer.java Tue Sep
11 11:48:44 2012
@@ -18,9 +18,14 @@
 
 package org.apache.avro.ipc;
 
+import java.io.IOException;
+import java.io.OutputStream;
 import static org.junit.Assert.assertEquals;
 
 import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.nio.charset.Charset;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
 
@@ -148,4 +153,20 @@ public class TestNettyServer {
     return msg;
   }
 
+  // send a malformed request (HTTP) to the NettyServer port
+  @Test
+  public void testBadRequest() throws IOException {
+    int port = server.getPort();
+    String msg = "GET /status HTTP/1.1\n\n";
+    InetSocketAddress sockAddr = new InetSocketAddress("127.0.0.1", port);
+    Socket sock = new Socket();
+    sock.connect(sockAddr);
+    OutputStream out = sock.getOutputStream();
+    out.write(msg.getBytes(Charset.forName("UTF-8")));
+    out.flush();
+    byte[] buf = new byte[2048];
+    int bytesRead = sock.getInputStream().read(buf);
+    Assert.assertTrue("Connection should have been closed", bytesRead == -1);
+  }
+
 }



Mime
View raw message