[
https://issues.apache.org/jira/browse/AVRO-391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853347#action_12853347
]
Jeff Hodges commented on AVRO-391:
----------------------------------
c.f. THRIFT-601.
> DoS possible on java rpc servers
> --------------------------------
>
> Key: AVRO-391
> URL: https://issues.apache.org/jira/browse/AVRO-391
> Project: Avro
> Issue Type: Bug
> Components: java
> Affects Versions: 1.3.0
> Environment: OpenJDK 1.6, Linux
> Reporter: Eric Evans
>
> It is possible to crash an avro rpc server (java) by writing random strings
> to the socket:
> Try...
> echo "boom" | nc localhost 9160
> You get...
> java.lang.OutOfMemoryError: Java heap space
> at java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:57)
> at java.nio.ByteBuffer.allocate(ByteBuffer.java:329)
> at
> org.apache.avro.ipc.SocketTransceiver.readBuffers(SocketTransceiver.java:65)
> at org.apache.avro.ipc.SocketServer$Connection.run(SocketServer.java:91)
> at java.lang.Thread.run(Thread.java:636)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
