avro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Evans (JIRA)" <j...@apache.org>
Subject [jira] Created: (AVRO-391) DoS possible on java rpc servers
Date Mon, 01 Feb 2010 17:52:18 GMT
DoS possible on java rpc servers
--------------------------------

                 Key: AVRO-391
                 URL: https://issues.apache.org/jira/browse/AVRO-391
             Project: Avro
          Issue Type: Bug
          Components: java
    Affects Versions: 1.3.0
         Environment: OpenJDK 1.6, Linux
            Reporter: Eric Evans


It is possible to crash an avro rpc server (java) by writing random strings to the socket:

Try... 
echo "boom" | nc localhost 9160

You get...
java.lang.OutOfMemoryError: Java heap space
	at java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:57)
	at java.nio.ByteBuffer.allocate(ByteBuffer.java:329)
	at org.apache.avro.ipc.SocketTransceiver.readBuffers(SocketTransceiver.java:65)
	at org.apache.avro.ipc.SocketServer$Connection.run(SocketServer.java:91)
	at java.lang.Thread.run(Thread.java:636)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message