[ https://issues.apache.org/jira/browse/KAFKA-3169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123458#comment-15123458 ]
ASF GitHub Bot commented on KAFKA-3169:
---------------------------------------

GitHub user rajinisivaram opened a pull request:

    https://github.com/apache/kafka/pull/831

    KAFKA-3169: Limit receive buffer size for SASL packets in broker

    Limit receive buffer size to avoid OOM in broker with invalid SASL packets

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/rajinisivaram/kafka KAFKA-3169

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/831.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #831

----
commit add436b8d3ad03f1189547bb4bfac824295d7e63
Author: Rajini Sivaram <rajinisiva...@googlemail.com>
Date:   2016-01-29T13:02:08Z

    KAFKA-3169: Limit receive buffer size for SASL packets to avoid broker OOM with invalid packets

----


> Kafka broker throws OutOfMemory error with invalid SASL packet
> --------------------------------------------------------------
>
>                 Key: KAFKA-3169
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3169
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.9.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.1
>
>
> Receive buffer used in Kafka servers to process SASL packets is unbounded.
> This can result in brokers crashing with OutOfMemory error when an invalid
> SASL packet is received.
> There is a standard SASL property in Java _javax.security.sasl.maxbuffer_
> that can be used to specify buffer size. When properties are added to the
> Sasl implementation in KAFKA-3149, we can use the standard property to limit
> receive buffer size.
> But since this is a potential DoS issue, we should set a reasonable limit in
> 0.9.0.1.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
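The defensive pattern the issue asks for, as an added illustration that is not Kafka's code and not part of the pull request above: a size-prefixed frame reader that validates the advertised length against a configured cap before it allocates any payload buffer, so a malformed or oversized header is rejected instead of driving the process out of memory. The framing (a 4-byte big-endian signed length followed by the payload), the cap value and the names `read_frame`, `try_read` and `InvalidReceiveException` are assumptions made for this example.

```python
import io
import struct

# Assumed cap for a single received packet; the real value is a tuning choice.
MAX_RECEIVE_SIZE = 512 * 1024


class InvalidReceiveException(Exception):
    """Raised when a frame header is malformed or exceeds the configured cap."""


def read_frame(stream, max_size=MAX_RECEIVE_SIZE):
    """Read one length-prefixed frame from a file-like object.

    The length field is checked *before* a payload buffer is allocated, so a
    peer that advertises a huge size cannot make the reader reserve memory
    for it; the frame is rejected and the caller can close the connection.
    """
    header = stream.read(4)
    if len(header) < 4:
        raise InvalidReceiveException("truncated size header")
    (size,) = struct.unpack(">i", header)  # assumed: 4-byte big-endian signed
    if size < 0:
        raise InvalidReceiveException(f"invalid negative receive size {size}")
    if size > max_size:
        raise InvalidReceiveException(
            f"receive size {size} larger than configured maximum {max_size}")
    payload = stream.read(size)  # bounded by max_size at this point
    if len(payload) != size:
        raise InvalidReceiveException("truncated payload")
    return payload


def try_read(raw, max_size=MAX_RECEIVE_SIZE):
    """Parse a constructed byte string and report ("ok", payload) or ("rejected", reason)."""
    try:
        return ("ok", read_frame(io.BytesIO(raw), max_size))
    except InvalidReceiveException as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed inputs: a well-formed 5-byte frame, and a header that
    # claims a 2 GiB payload without ever sending it.
    good = struct.pack(">i", 5) + b"hello"
    huge = struct.pack(">i", 0x7FFFFFFF)
    print(try_read(good))  # ('ok', b'hello')
    print(try_read(huge))  # ('rejected', 'receive size 2147483647 larger than ...')
```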