[ https://issues.apache.org/jira/browse/KAFKA-2878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15027108#comment-15027108 ]

ASF GitHub Bot commented on KAFKA-2878:
---------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/kafka/pull/577


> Kafka broker throws OutOfMemory exception with invalid join group request
> -------------------------------------------------------------------------
>
>                 Key: KAFKA-2878
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2878
>             Project: Kafka
>          Issue Type: Bug
>          Components: clients
>    Affects Versions: 0.9.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.1.0
>
>
> Array allocation for join group request doesn't have any checks and hence can 
> result in OutOfMemory exception in the broker. Array size from the request 
> should be validated to avoid DoS attacks on a secure installation of Kafka.
> {quote}
> at org/apache/kafka/common/protocol/types/ArrayOf.read(ArrayOf.java:44)
> at org/apache/kafka/common/protocol/types/Schema.read(Schema.java:69)
> at org/apache/kafka/common/protocol/ProtoUtils.parseRequest(ProtoUtils.java:60)
> at org/apache/kafka/common/requests/JoinGroupRequest.parse(JoinGroupRequest.java:144)
> at org/apache/kafka/common/requests/AbstractRequest.getRequest(AbstractRequest.java:55)
> at kafka/network/RequestChannel$Request.<init>(RequestChannel.scala:78)
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
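
The missing check described in the issue, as an added example that is not Kafka's code or the patch from the pull request: a length-prefixed array reader in Java with the unchecked allocation beside a version that validates the count against the bytes actually left in the buffer. The class and method names and the fixed 4-byte elements are assumptions for illustration.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

// Hypothetical reader for a wire array: 4-byte big-endian count, then that many 4-byte ints.
public class BoundedArrayRead {

    // Unchecked form: the count comes straight from the peer and sizes the allocation.
    // A count of Integer.MAX_VALUE tries to allocate about 8 GiB before any element is read.
    // Kept for contrast only; main() never calls it.
    static int[] readUnchecked(ByteBuffer buf) {
        int size = buf.getInt();
        int[] out = new int[size];
        for (int i = 0; i < size; i++) out[i] = buf.getInt();
        return out;
    }

    // Checked form: each element needs Integer.BYTES, so an honest count can never
    // exceed remaining / Integer.BYTES. Reject before allocating anything.
    static int[] readChecked(ByteBuffer buf) {
        if (buf.remaining() < Integer.BYTES)
            throw new IllegalArgumentException("truncated array header");
        int size = buf.getInt();
        if (size < 0 || size > buf.remaining() / Integer.BYTES)
            throw new IllegalArgumentException(
                "array size " + size + " not backed by " + buf.remaining() + " remaining bytes");
        int[] out = new int[size];
        for (int i = 0; i < size; i++) out[i] = buf.getInt();
        return out;
    }

    public static void main(String[] args) {
        // Constructed input: header claims Integer.MAX_VALUE elements, body holds two.
        ByteBuffer oversized = ByteBuffer.allocate(12);
        oversized.putInt(Integer.MAX_VALUE).putInt(1).putInt(2);
        oversized.flip();
        try {
            readChecked(oversized);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed input: header and body agree on two elements.
        ByteBuffer wellFormed = ByteBuffer.allocate(12);
        wellFormed.putInt(2).putInt(1).putInt(2);
        wellFormed.flip();
        System.out.println("parsed: " + Arrays.toString(readChecked(wellFormed)));
    }
}
```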
