DoS possible on java rpc servers
--------------------------------

                 Key: AVRO-391
                 URL: https://issues.apache.org/jira/browse/AVRO-391
             Project: Avro
          Issue Type: Bug
          Components: java
    Affects Versions: 1.3.0
         Environment: OpenJDK 1.6, Linux
            Reporter: Eric Evans


It is possible to crash an avro rpc server (java) by writing random strings to 
the socket:

Try... 
echo "boom" | nc localhost 9160

You get...
java.lang.OutOfMemoryError: Java heap space
        at java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:57)
        at java.nio.ByteBuffer.allocate(ByteBuffer.java:329)
        at org.apache.avro.ipc.SocketTransceiver.readBuffers(SocketTransceiver.java:65)
        at org.apache.avro.ipc.SocketServer$Connection.run(SocketServer.java:91)
        at java.lang.Thread.run(Thread.java:636)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
