From: "Tsz Wo (Nicholas), SZE (JIRA)"
To: common-dev@hadoop.apache.org
Date: Thu, 3 Jun 2010 20:08:00 -0400 (EDT)
Subject: [jira] Created: (HADOOP-6809) rpc allow creating arbitrary size of objects

rpc allow creating arbitrary size of objects
--------------------------------------------

                 Key: HADOOP-6809
                 URL: https://issues.apache.org/jira/browse/HADOOP-6809
             Project: Hadoop Common
          Issue Type: Bug
          Components: io
            Reporter: Tsz Wo (Nicholas), SZE

When o.a.h.ipc.Server receives a rpc method call, it reads the parameters by initializing an o.a.h.ipc.RPC.Invocation object, which reads the parameter values by calling ObjectWritable.readObject(..). However, ObjectWritable.readObject(..) does not limit the object size and may create objects with arbitrary size. As a consequence, any rpc client may create large objects in the server by passing large parameter objects. For example, a user application may create large objects in the namenode by calling DistributedFileSystem.setOwner(p, username, groupname) if username or groupname are large strings. In such a case, it could easily bring down the namenode.
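
The size problem reported above, as an added example that is not part of the original message and is not Hadoop code: a simplified length-prefixed string reader that trusts the declared length, beside a form that rejects oversized lengths before allocating. The 4-byte length framing, the class and method names, and the MAX_PARAM_BYTES value are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class BoundedParamRead {
    // Hypothetical cap for a user or group name parameter; not a Hadoop setting.
    static final int MAX_PARAM_BYTES = 1024;

    // Models the reported behaviour: the declared length is trusted as-is.
    static String readStringUnbounded(DataInputStream in) throws IOException {
        int len = in.readInt();
        byte[] buf = new byte[len];              // allocation sized by the client
        in.readFully(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    // Hardened form: validate the length before allocating anything.
    static String readStringBounded(DataInputStream in, int maxBytes) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > maxBytes) {
            throw new IOException("parameter length " + len + " outside [0, " + maxBytes + "]");
        }
        byte[] buf = new byte[len];
        in.readFully(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    // Constructed sample input: 4-byte length prefix followed by the UTF-8 bytes.
    static byte[] encode(String s) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        out.writeInt(b.length);
        out.write(b);
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] ok = encode("hdfs");
        byte[] big = encode("g".repeat(4096));   // constructed oversized group name (Java 11+)
        System.out.println(readStringBounded(new DataInputStream(new ByteArrayInputStream(ok)), MAX_PARAM_BYTES));
        System.out.println(readStringUnbounded(new DataInputStream(new ByteArrayInputStream(big))).length());
        try {
            readStringBounded(new DataInputStream(new ByteArrayInputStream(big)), MAX_PARAM_BYTES);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The bounded reader fails the single call with an IOException, so the server can drop that request instead of holding a client-sized buffer on its heap.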