Sergey Soldatov created HBASE-26767:
---------------------------------------
Summary: Rest server should not use a large Header Cache.
Key: HBASE-26767
URL: https://issues.apache.org/jira/browse/HBASE-26767
Project: HBase
Issue Type: Bug
Components: REST
Affects Versions: 2.4.9
Reporter: Sergey Soldatov
Assignee: Sergey Soldatov
In the RESTServer we set the HeaderCache size to DEFAULT_HTTP_MAX_HEADER_SIZE
(65536). That's not compatible with jetty-9.4.x because the cache size is
limited by Character.MAX_VALUE - 1 (65534) there. According to the Jetty
source code comments, it's possible to have a buffer overflow in the cache for
higher values and that might lead to wrong/incomplete values returned by cache
and following incorrect header handling.
There are a couple of ways to fix it:
1. change the value of DEFAULT_HTTP_MAX_HEADER_SIZE to 65534
2. make header cache size configurable and set its size separately from the
header size.
I believe that the second would give us more flexibility.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
