Skip to content

/prometheus

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Several unbounded ioutil.ReadAll calls with HTTP request/responses #3228

Open
mdlayher opened this Issue Sep 28, 2017 · 7 comments

Comments

Assignees
No one assigned
Labels
component/remote storage component/service discovery
Projects
None yet
Milestone
No milestone
5 participants
@mdlayher @gouthamve @tomwilkie @mattbostock @adamdecaf
@mdlayher
Copy link
Member

mdlayher commented Sep 28, 2017

Did a quick grep and filtered out vendored code and tests, and found a few instances of unbounded ioutil.ReadAll calls. Since some of these accept HTTP request and response bodies, it may be a good idea to set some sane upper bound to avoid limitless memory consumption.

I suspect a few MiB of data might be okay in the worst case, but I'm not super familiar with e.g. the remote read/write traffic.

$ grep -r "ioutil.ReadAll" | grep -v vendor | grep -v "_test.go"
documentation/examples/remote_storage/remote_storage_adapter/main.go:           compressed, err := ioutil.ReadAll(r.Body)
documentation/examples/remote_storage/remote_storage_adapter/main.go:           compressed, err := ioutil.ReadAll(r.Body)
documentation/examples/remote_storage/remote_storage_adapter/opentsdb/client.go:        buf, err = ioutil.ReadAll(resp.Body)
documentation/examples/remote_storage/example_write_adapter/server.go:          compressed, err := ioutil.ReadAll(r.Body)
web/web.go:     text, err := ioutil.ReadAll(file)
discovery/triton/triton.go:     data, err := ioutil.ReadAll(resp.Body)
discovery/marathon/marathon.go: body, err := ioutil.ReadAll(resp.Body)
storage/remote/codec.go:        compressed, err := ioutil.ReadAll(r.Body)
storage/remote/client.go:       compressed, err = ioutil.ReadAll(httpResp.Body)

If this isn't a concern, feel free to close the issue. Just wanted to make sure it was noted.
@gouthamve

This comment has been minimized.

Sign in to view
Copy link
Member

gouthamve commented Sep 28, 2017

This is especially interesting for remote-read as it has the highest potential to nuke Prometheus.
@mdlayher

This comment has been minimized.

Sign in to view
Copy link
Member Author

mdlayher commented Sep 28, 2017

Indeed. Ping @tomwilkie for thoughts since I noticed a couple of these in remote storage.

@tomwilkie tomwilkie added the component/remote storage label Sep 28, 2017

@tomwilkie

This comment has been minimized.

Sign in to view
Copy link
Member

tomwilkie commented Sep 28, 2017

Yeah we should bound them with a LimitedReader. Prometheus doesn't do a lot to protect itself, but thats not an excuse not to improve things!

I want to get 2.0 merged in before fixing this kind of bug though, as I don't want it to get lost in the merge.

@tomwilkie tomwilkie added the component/service discovery label Sep 28, 2017

@mdlayher

This comment has been minimized.

Sign in to view
Copy link
Member Author

mdlayher commented Sep 28, 2017

Makes sense for me. Just so it's tracked here, do you know what a sane upper bound could be?
@tomwilkie

This comment has been minimized.

Sign in to view
Copy link
Member

tomwilkie commented Sep 28, 2017

I'll gather some stats from our Cortex but I don't image more than 10Mb.
@mattbostock

This comment has been minimized.

Sign in to view
Copy link
Contributor

mattbostock commented Oct 15, 2017

@tomwilkie: See the MaxBytesReader function from the http package.

@adamdecaf adamdecaf referenced this issue Jul 12, 2018

Open

wrap remote triton and marathon reads in an io.LimitReader #4376

@adamdecaf

This comment has been minimized.

Sign in to view
Copy link
Contributor

adamdecaf commented Jul 12, 2018

I created #4376 (sorry about commit spam above).

@tomwilkie did you ever find a better limit? I just picked 10mb.

Also, I wasn't sure what to pick as a limit for storage/remote/client.go. Can those files be a lot bigger than 10mb?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.