[jira] [Commented] (KAFKA-3169) Kafka broker throws OutOfMemory error with invalid SASL packet

Fri, 29 Jan 2016 05:15:01 -0800 

    [ 
https://issues.apache.org/jira/browse/KAFKA-3169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123458#comment-15123458
 ] 

ASF GitHub Bot commented on KAFKA-3169:
---------------------------------------

GitHub user rajinisivaram opened a pull request:

    https://github.com/apache/kafka/pull/831

    KAFKA-3169: Limit receive buffer size for SASL packets in broker

    Limit receive buffer size to avoid OOM in broker with invalid SASL packets

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/rajinisivaram/kafka KAFKA-3169

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/831.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #831
    
----
commit add436b8d3ad03f1189547bb4bfac824295d7e63
Author: Rajini Sivaram <rajinisiva...@googlemail.com>
Date:   2016-01-29T13:02:08Z

    KAFKA-3169: Limit receive buffer size for SASL packets to avoid broker OOM 
with invalid packets

----


> Kafka broker throws OutOfMemory error with invalid SASL packet
> --------------------------------------------------------------
>
>                 Key: KAFKA-3169
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3169
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.9.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.1
>
>
> Receive buffer used in Kafka servers to process SASL packets is unbounded. 
> This can results in brokers crashing with OutOfMemory error when an invalid 
> SASL packet is received. 
> There is a standard SASL property in Java _javax.security.sasl.maxbuffer_ 
> that can be used to specify buffer size. When properties are added to the 
> Sasl implementation in KAFKA-3149, we can use the standard property to limit 
> receive buffer size. 
> But since this is a potential DoS issue, we should set a reasonable limit in 
> 0.9.0.1. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to