Cristian Klein created THRIFT-2937:
--------------------------------------
Summary: Allow setting a maximum frame size in TFramedTransport
Key: THRIFT-2937
URL: https://issues.apache.org/jira/browse/THRIFT-2937
Project: Thrift
Issue Type: Improvement
Components: C++ - Library
Affects Versions: 0.9.3
Environment: Ubuntu 14.04.1 LTS
Reporter: Cristian Klein
Fix For: 0.9.3
To secure Thrift servers against malicious attacks or corrupted data, an often
requested feature is to limit the maximum size of a frame at receive.
TNonblockingServer already has such a feature. The attached patch imposes a
maximum frame size in TFramedTransport. The default value is very conservative
(1MiB), to make sure that memory cannot be easily exhausted. The user can then
increase the maximum frame size, as required.
Example usage:
Good Client -> Server: I want to send you a 100MiB file;
Server -> Good Client: Maximum frame size adjusted go ahead;
Good Client -> Server: Here comes the file ...
Bad Client -> Server: Here is a 100MiB frame to exhaust your memory;
Server -> Bad Client: [connection dropped]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
