[
https://issues.apache.org/jira/browse/THRIFT-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14322225#comment-14322225
]
Hudson commented on THRIFT-2937:
--------------------------------
SUCCESS: Integrated in Thrift #1456 (See
[https://builds.apache.org/job/Thrift/1456/])
THRIFT-2937 Allow setting a maximum frame size (roger: rev
0d964d8e520067c461f9dcef9f7654d43c8fba7f)
* lib/cpp/src/thrift/transport/TBufferTransports.h
* lib/cpp/src/thrift/transport/TBufferTransports.cpp
> Allow setting a maximum frame size in TFramedTransport
> ------------------------------------------------------
>
> Key: THRIFT-2937
> URL: https://issues.apache.org/jira/browse/THRIFT-2937
> Project: Thrift
> Issue Type: Improvement
> Components: C++ - Library
> Affects Versions: 0.9.3
> Environment: Ubuntu 14.04.1 LTS
> Reporter: Cristian Klein
> Assignee: Roger Meier
> Labels: feature, newbie, patch, security
> Fix For: 0.9.3
>
> Attachments: 0001-THRIFT-2937-Allow-setting-a-maximum-frame-size.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> To secure Thrift servers against malicious attacks or corrupted data, an
> often requested feature is to limit the maximum size of a frame at receive.
> TNonblockingServer already has such a feature. The attached patch imposes a
> maximum frame size in TFramedTransport. The default value is very
> conservative (1MiB), to make sure that memory cannot be easily exhausted. The
> user can then increase the maximum frame size, as required.
> Example usage:
> Good Client -> Server: I want to send you a 100MiB file;
> Server -> Good Client: Maximum frame size adjusted go ahead;
> Good Client -> Server: Here comes the file ...
> Bad Client -> Server: Here is a 100MiB frame to exhaust your memory;
> Server -> Bad Client: [connection dropped]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
