[
https://issues.apache.org/jira/browse/HADOOP-6809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tsz Wo (Nicholas), SZE updated HADOOP-6809:
-------------------------------------------
Component/s: ipc
(was: io)
> rpc allow creating arbitrary size of objects
> --------------------------------------------
>
> Key: HADOOP-6809
> URL: https://issues.apache.org/jira/browse/HADOOP-6809
> Project: Hadoop Common
> Issue Type: Bug
> Components: ipc
> Reporter: Tsz Wo (Nicholas), SZE
>
> When o.a.h.ipc.Server receives a rpc method call, it reads the parameters by
> initializing an o.a.h.ipc.RPC.Invocation object, which reads the parameter
> values by calling ObjectWritable.readObject(..). However,
> ObjectWritable.readObject(..) does not limit the object size and may create
> objects with arbitrary size. As a consequence, any rpc client may create
> large objects in the server by passing large parameter objects.
> For example, a user application may create large objects in the namenode by
> calling DistributedFileSystem.setOwner(p, username, groupname) if username or
> groupname are large strings. In such a case, it could easily bring down the
> namenode.
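
The failure mode described in the report, shown as an added example (this is not Hadoop's code): a reader that allocates whatever length the client declares, next to one that checks the declared length against a cap before allocating. The 4-byte length prefix, the class and method names, and the 64 KiB limit are assumptions for illustration and do not reproduce Hadoop's actual wire format.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class BoundedParamRead {
    // Hypothetical cap on one RPC parameter; a real server would make this configurable.
    static final int MAX_PARAM_BYTES = 64 * 1024;

    // Unbounded form: the allocation size comes straight from the client.
    static String readUnbounded(DataInputStream in) throws IOException {
        int len = in.readInt();
        byte[] buf = new byte[len];          // client-controlled allocation
        in.readFully(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    // Bounded form: validate the declared length before allocating anything.
    static String readBounded(DataInputStream in, int maxBytes) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > maxBytes) {
            throw new IOException("parameter length " + len + " outside limit " + maxBytes);
        }
        byte[] buf = new byte[len];
        in.readFully(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    // Constructed sample frame: 4-byte big-endian length followed by UTF-8 bytes.
    static byte[] frame(String s) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        out.writeInt(b.length);
        out.write(b);
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] ok = frame("hdfs-user");      // constructed, normal-sized parameter
        System.out.println(readBounded(new DataInputStream(new ByteArrayInputStream(ok)), MAX_PARAM_BYTES));

        byte[] big = frame("x".repeat(MAX_PARAM_BYTES + 1));  // constructed, one byte over the cap
        try {
            readBounded(new DataInputStream(new ByteArrayInputStream(big)), MAX_PARAM_BYTES);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check has to run before the `new byte[len]` allocation; a limit enforced after the object is built does not protect the server's heap.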