Jens Geyer created THRIFT-6024:
----------------------------------
Summary: Python THeaderTransport and TZlibTransport default max
frame/decompressed size should be DEFAULT_MAX_FRAME_SIZE (16384000), not
HARD_MAX_FRAME_SIZE (0x3FFFFFFF)
Key: THRIFT-6024
URL: https://issues.apache.org/jira/browse/THRIFT-6024
Project: Thrift
Issue Type: Bug
Components: Python - Library
Reporter: Jens Geyer
Python's THeaderTransport and TZlibTransport use HARD_MAX_FRAME_SIZE
(0x3FFFFFFF, ~1 GB) as the default for both max_frame_size and
max_decompressed_size, while every other Thrift binding defaults to
DEFAULT_MAX_FRAME_SIZE (16384000, ~16 MB).
HARD_MAX_FRAME_SIZE is a protocol-level structural constraint (the THeader
frame length field is 30 bits wide), not a policy default. Using it as the
default means Python THeaderTransport and TZlibTransport will accept frames up
to ~1 GB by default, leaving the application unprotected against oversized or
malformed frames unless the caller explicitly calls set_max_frame_size().
Fix: introduce DEFAULT_MAX_FRAME_SIZE = 16384000 in THeaderTransport.py
(matching all other bindings) and use it as the constructor default in both
THeaderTransport and TZlibTransport. HARD_MAX_FRAME_SIZE is retained as the
upper bound enforced by set_max_frame_size() / set_max_decompressed_size().
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
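To make the difference between a policy default and the structural ceiling concrete, here is an added, self-contained Python model of the two checks the issue describes. It is illustrative code written for this note, not Thrift's THeaderTransport or TZlibTransport: the class `BoundedFrameReader`, its `frame_length_allowed`/`read_frame`/`inflate` methods and the `demo` helper are hypothetical, and the inputs (a header advertising a HARD_MAX_FRAME_SIZE-byte frame, and 20 MB of zeros zlib-compressed into a few kilobytes) are constructed, not captured traffic. The setters follow the semantics stated above: the policy limit can be lowered freely but never raised above HARD_MAX_FRAME_SIZE.

```python
import struct
import zlib

# Constants as named in the issue: the policy default used by the other
# bindings, and the structural ceiling of the 30-bit THeader length field.
DEFAULT_MAX_FRAME_SIZE = 16384000
HARD_MAX_FRAME_SIZE = 0x3FFFFFFF


class FrameLimitError(ValueError):
    """Raised when a frame or its decompressed payload exceeds a configured limit."""


class BoundedFrameReader:
    """Hypothetical reader (not Thrift's own class) modelling the two checks the
    issue is about: a cap on the advertised frame length, applied before any
    payload bytes are touched, and a cap on how far a compressed payload may inflate."""

    def __init__(self, max_frame_size=DEFAULT_MAX_FRAME_SIZE,
                 max_decompressed_size=DEFAULT_MAX_FRAME_SIZE):
        self.set_max_frame_size(max_frame_size)
        self.set_max_decompressed_size(max_decompressed_size)

    @staticmethod
    def _check_limit(size):
        # A policy limit may be lowered freely but never raised above the
        # structural ceiling, the role the issue keeps for HARD_MAX_FRAME_SIZE.
        if not 0 < size <= HARD_MAX_FRAME_SIZE:
            raise ValueError("limit must be in (0, 0x%X]" % HARD_MAX_FRAME_SIZE)
        return size

    def set_max_frame_size(self, size):
        self.max_frame_size = self._check_limit(size)

    def set_max_decompressed_size(self, size):
        self.max_decompressed_size = self._check_limit(size)

    def frame_length_allowed(self, length):
        """True if a header advertising `length` payload bytes passes the policy limit."""
        return 0 <= length <= self.max_frame_size

    def read_frame(self, buf):
        """Parse one frame (4-byte big-endian length prefix, then payload) from bytes.
        The advertised length is validated before the payload is sliced, so a
        hostile header cannot make the reader reserve ~1 GB up front."""
        if len(buf) < 4:
            raise FrameLimitError("short frame header")
        (length,) = struct.unpack("!I", buf[:4])
        if length > HARD_MAX_FRAME_SIZE:
            raise FrameLimitError("length 0x%X does not fit the 30-bit field" % length)
        if not self.frame_length_allowed(length):
            raise FrameLimitError("frame of %d bytes exceeds max_frame_size %d"
                                  % (length, self.max_frame_size))
        payload = buf[4:4 + length]
        if len(payload) != length:
            raise FrameLimitError("truncated frame")
        return payload

    def inflate(self, compressed):
        """zlib-inflate a payload while materialising at most
        max_decompressed_size + 1 output bytes: zlib's max_length argument bounds
        the output, and any further input stays unexpanded in unconsumed_tail."""
        d = zlib.decompressobj()
        out = d.decompress(compressed, self.max_decompressed_size + 1)
        if len(out) > self.max_decompressed_size:
            raise FrameLimitError("payload inflates past max_decompressed_size %d"
                                  % self.max_decompressed_size)
        if not d.eof:
            # Output fit under the cap but the stream never ended: truncated input.
            raise FrameLimitError("incomplete zlib stream")
        return out


def _rejected(fn, arg):
    """True if fn(arg) raised FrameLimitError."""
    try:
        fn(arg)
    except FrameLimitError:
        return True
    return False


def demo():
    """Constructed inputs (not captured traffic): a header advertising a
    HARD_MAX_FRAME_SIZE-byte frame followed by 16 bytes, and 20 MB of zeros
    compressed into a few kilobytes. Compares the proposed default with the
    current Python default of HARD_MAX_FRAME_SIZE for both limits."""
    hostile_header = struct.pack("!I", HARD_MAX_FRAME_SIZE) + b"\x00" * 16
    bomb = zlib.compress(b"\x00" * 20_000_000)

    proposed = BoundedFrameReader()  # DEFAULT_MAX_FRAME_SIZE for both limits
    current = BoundedFrameReader(HARD_MAX_FRAME_SIZE, HARD_MAX_FRAME_SIZE)

    return {
        "proposed_rejects_1gb_header": _rejected(proposed.read_frame, hostile_header),
        "current_accepts_1gb_header": current.frame_length_allowed(HARD_MAX_FRAME_SIZE),
        "proposed_rejects_bomb": _rejected(proposed.inflate, bomb),
        "current_inflated_bytes": len(current.inflate(bomb)),
        "compressed_bomb_bytes": len(bomb),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-28s %r" % (key, value))
```

With the proposed default, the ~1 GB header and the small compressed payload are both refused before the reader commits memory to them; with HARD_MAX_FRAME_SIZE as the default, the header passes the policy check and the payload is fully inflated to 20 MB. The `inflate` method shows the pattern a decompressed-size limit needs: ask zlib for one byte more than the cap and reject if it arrives, rather than inflating first and measuring afterwards.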