[jira] [Commented] (KAFKA-5062) Kafka brokers can accept malformed requests which allocate gigabytes of memory

Fri, 16 Jun 2017 15:17:49 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-5062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16052443#comment-16052443
 ] 

ASF GitHub Bot commented on KAFKA-5062:
---------------------------------------

GitHub user cmccabe opened a pull request:

    https://github.com/apache/kafka/pull/3359

    KAFKA-5062. Kafka brokers can accept malformed requests which allocat…

    …e gigabytes of memory

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cmccabe/kafka KAFKA-5062

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/3359.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3359
    
----
commit 503cfc9ae5f444a46e28b2b5eac6d31b4628134a
Author: Colin P. Mccabe <cmcc...@confluent.io>
Date:   2017-06-14T16:52:08Z

    KAFKA-5062. Kafka brokers can accept malformed requests which allocate 
gigabytes of memory

----


> Kafka brokers can accept malformed requests which allocate gigabytes of memory
> ------------------------------------------------------------------------------
>
>                 Key: KAFKA-5062
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5062
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Apurva Mehta
>            Assignee: Colin P. McCabe
>
> In some circumstances, it is possible to cause a Kafka broker to allocate 
> massive amounts of memory by writing malformed bytes to the brokers port. 
> In investigating an issue, we saw byte arrays on the kafka heap upto 1.8 
> gigabytes, the first 360 bytes of which were non kafka requests -- an 
> application was writing the wrong data to kafka, causing the broker to 
> interpret the request size as 1.8GB and then allocate that amount. Apart from 
> the first 360 bytes, the rest of the 1.8GB byte array was null. 
> We have a socket.request.max.bytes set at 100MB to protect against this kind 
> of thing, but somehow that limit is not always respected. We need to 
> investigate why and fix it.
> cc [~rnpridgeon], [~ijuma], [~gwenshap], [~cmccabe]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to