[ 
https://issues.apache.org/jira/browse/HADOOP-19864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18078657#comment-18078657
 ] 

ASF GitHub Bot commented on HADOOP-19864:
-----------------------------------------

steveloughran commented on code in PR #8470:
URL: https://github.com/apache/hadoop/pull/8470#discussion_r3195012898


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java:
##########
@@ -2946,28 +2946,40 @@ private void processRpcRequest(RpcRequestHeaderProto 
header,
         throw new FatalRpcServerException(
             RpcErrorCodeProto.FATAL_INVALID_RPC_HEADER, err);
       }
-      Class<? extends Writable> rpcRequestClass = 
+      // Reject requests for RPC kinds with no registered protocols on this
+      // server instance. This prevents deserialization of untrusted payloads
+      // for unsupported kinds. See HADOOP-19864.
+      if (Server.this instanceof RPC.Server server) {
+        final RPC.RpcKind kind = ProtoUtil.convert(header.getRpcKind());
+        if (!server.hasRegisteredProtocols(kind)) {
+          final String err = "No protocols registered on this server for 
RpcKind "
+              + header.getRpcKind()
+              + ". Rejecting request without deserialization.";
+          LOG.info("{} Client: {}", err, getHostAddress());
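Review bot: The guard `if (Server.this instanceof RPC.Server server)` means the new rejection only runs when this instance is an RPC.Server; any other Server subclass skips the block without a check. If that is intended, say so in the comment above the guard; otherwise add an else branch that fails closed. Separately, the `LOG.info` line runs once per rejected request, at a rate the remote client controls, so consider rate-limiting it or logging once per kind. The message could also reuse the already converted `kind` instead of calling `header.getRpcKind()` again.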

Review Comment:
   Rejected, as upgrading to warn is even noisier. We could go to LogExactlyOnce.





> Cut WritableRPCEngine
> ---------------------
>
>                 Key: HADOOP-19864
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19864
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc
>    Affects Versions: 3.6.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.6.0
>
>
> Cut {{WritableRpcEngine}} from the code
> It's been obsolete for over a decade, with MAPREDUCE-6706 not needed 
> internally.
> Tez still uses it (TEZ-4708) so this removal will be incompatible for them. 


