cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Allsopp (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-3017) add a Message size limit
Date Tue, 15 Nov 2011 12:00:53 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13150408#comment-13150408
] 

David Allsopp commented on CASSANDRA-3017:
------------------------------------------

In the latest trunk code, at least, isn't it {{bodySize}} not {{totalSize}} that we need to
check, to avoid huge buffers? {{totalSize}} is only used to skip spare bytes at the end (could
check both, of course).

While we're there, should we also check for negative values (does anything terribly bad happen
if the value is negative?).

Could fix typo in the log message ("Ignorning") while you're there!
                
> add a Message size limit
> ------------------------
>
>                 Key: CASSANDRA-3017
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-3017
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Jonathan Ellis
>            Assignee: Ryan King
>            Priority: Minor
>              Labels: lhf
>         Attachments: 0001-use-the-thrift-max-message-size-for-inter-node-messa.patch
>
>
> We protect the server from allocating huge buffers for malformed message with the Thrift
frame size (CASSANDRA-475).  But we don't have similar protection for the inter-node Message
objects.
> Adding this would be good to deal with malicious adversaries as well as a malfunctioning
cluster participant.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message