Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add Client protocol frame size limit #15396
This PR adds a level of memory protection to the Hazelcast client protocol.
tkountis left a comment
I believe there is a range check error which can allow a special crafted packet to pass your checks and still crash the endpoint.
For instance a frame with size, Integer.MIN_VALUE can pass your checks for max size per frame, but then cause trouble at the following line: https://github.com/hazelcast/hazelcast/pull/15396/files#diff-777042f2e7bb74fb094f22df0d18eb84L72 which subtracts the SZ_OF_FRAME_LEN from the actual frame length, and will result in a value close to Integer.MAX_VALUE. Upon allocating that byte-array, we can end up with OOME.
I didn't attempt to reproduce it, but its worth testing it.