[ 
https://issues.apache.org/jira/browse/THRIFT-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cristian Klein updated THRIFT-2937:
-----------------------------------
    Attachment: 0001-THRIFT-2937-Allow-setting-a-maximum-frame-size.patch

Patch for this improvement

> Allow setting a maximum frame size in TFramedTransport
> ------------------------------------------------------
>
>                 Key: THRIFT-2937
>                 URL: https://issues.apache.org/jira/browse/THRIFT-2937
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Library
>    Affects Versions: 0.9.3
>         Environment: Ubuntu 14.04.1 LTS
>            Reporter: Cristian Klein
>              Labels: feature, newbie, patch, security
>             Fix For: 0.9.3
>
>         Attachments: 0001-THRIFT-2937-Allow-setting-a-maximum-frame-size.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> To secure Thrift servers against malicious attacks or corrupted data, an 
> often requested feature is to limit the maximum size of a frame at receive. 
> TNonblockingServer already has such a feature. The attached patch imposes a 
> maximum frame size in TFramedTransport. The default value is very 
> conservative (1MiB), to make sure that memory cannot be easily exhausted. The 
> user can then increase the maximum frame size, as required.
> Example usage:
> Good Client -> Server: I want to send you a 100MiB file;
> Server -> Good Client: Maximum frame size adjusted, go ahead;
> Good Client -> Server: Here comes the file ...
> Bad Client -> Server: Here is a 100MiB frame to exhaust your memory;
> Server -> Bad Client: [connection dropped]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
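
The receive-side check described in the issue, as an added example that is not part of the original message, the attached patch, or Thrift's code: the declared frame length is compared against a configurable limit before any buffer is sized from it. The class and function names are hypothetical, and the wire format is assumed to be a 4-byte big-endian length followed by the payload.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical names throughout; this is not Thrift's TFramedTransport.
// Wire format assumed: 4-byte big-endian length, then that many payload bytes.
const uint32_t kDefaultMaxFrameSize = 1024 * 1024;  // 1 MiB, the default named in the issue

enum class FrameStatus { Ok, NeedMoreData, TooLarge };

class BoundedFrameReader {
 public:
  explicit BoundedFrameReader(uint32_t maxFrameSize = kDefaultMaxFrameSize)
      : maxFrameSize_(maxFrameSize) {}

  // The application raises the limit only after it has agreed to a large transfer.
  void setMaxFrameSize(uint32_t n) { maxFrameSize_ = n; }

  // Tries to extract one frame from the bytes received so far.
  // TooLarge means the caller should drop the connection.
  FrameStatus readFrame(const std::vector<uint8_t>& in, std::vector<uint8_t>& payload) const {
    if (in.size() < 4) return FrameStatus::NeedMoreData;
    const uint32_t declared = (uint32_t(in[0]) << 24) | (uint32_t(in[1]) << 16) |
                              (uint32_t(in[2]) << 8) | uint32_t(in[3]);
    // Reject on the header alone, before any buffer is sized from it. Reading the
    // length as unsigned also rejects values that would be negative as int32.
    if (declared > maxFrameSize_) return FrameStatus::TooLarge;
    if (in.size() - 4 < declared) return FrameStatus::NeedMoreData;
    payload.assign(in.begin() + 4, in.begin() + 4 + declared);
    return FrameStatus::Ok;
  }

 private:
  uint32_t maxFrameSize_;
};

// Builds a constructed 4-byte frame header declaring n payload bytes.
std::vector<uint8_t> frameHeader(uint32_t n) {
  return {uint8_t(n >> 24), uint8_t(n >> 16), uint8_t(n >> 8), uint8_t(n)};
}

int main() {
  BoundedFrameReader reader;
  std::vector<uint8_t> payload;
  const std::vector<uint8_t> hdr = frameHeader(100u * 1024 * 1024);  // header only, no body
  std::printf("default limit: %d\n", int(reader.readFrame(hdr, payload)));
  reader.setMaxFrameSize(128u * 1024 * 1024);
  std::printf("raised limit:  %d\n", int(reader.readFrame(hdr, payload)));
  return 0;
}
```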
