[
https://issues.apache.org/jira/browse/KAFKA-3169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15123458#comment-15123458
]
ASF GitHub Bot commented on KAFKA-3169:
---
GitHub user rajinisivaram opened a pull request:
https://github.com/apache/kafka/pull/831
KAFKA-3169: Limit receive buffer size for SASL packets in broker
Limit receive buffer size to avoid OOM in broker with invalid SASL packets
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rajinisivaram/kafka KAFKA-3169
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/831.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #831
commit add436b8d3ad03f1189547bb4bfac824295d7e63
Author: Rajini Sivaram
Date: 2016-01-29T13:02:08Z
KAFKA-3169: Limit receive buffer size for SASL packets to avoid broker OOM
with invalid packets
> Kafka broker throws OutOfMemory error with invalid SASL packet
> --
>
> Key: KAFKA-3169
> URL: https://issues.apache.org/jira/browse/KAFKA-3169
> Project: Kafka
> Issue Type: Bug
> Components: security
>Affects Versions: 0.9.0.0
>Reporter: Rajini Sivaram
>Assignee: Rajini Sivaram
>Priority: Critical
> Fix For: 0.9.0.1
>
>
> Receive buffer used in Kafka servers to process SASL packets is unbounded.
> This can results in brokers crashing with OutOfMemory error when an invalid
> SASL packet is received.
> There is a standard SASL property in Java _javax.security.sasl.maxbuffer_
> that can be used to specify buffer size. When properties are added to the
> Sasl implementation in KAFKA-3149, we can use the standard property to limit
> receive buffer size.
> But since this is a potential DoS issue, we should set a reasonable limit in
> 0.9.0.1.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)