This is an automated email from the ASF dual-hosted git repository.

jianbin pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/incubator-seata.git


The following commit(s) were added to refs/heads/2.x by this push:
     new cab5d506c0 optimize: add decode buffer limit (#7813)
cab5d506c0 is described below

commit cab5d506c0d71f82afca508d13748d20a25d1deb
Author: jimin <[email protected]>
AuthorDate: Sat Nov 29 20:10:43 2025 +0800

    optimize: add decode buffer limit (#7813)
---
 changes/en-us/2.x.md                                         |  1 +
 changes/zh-cn/2.x.md                                         |  1 +
 .../apache/seata/core/rpc/netty/ProtocolDetectHandler.java   | 12 +++++++++++-
 .../apache/seata/core/rpc/netty/http/Http2HttpHandler.java   | 11 +++++++++++
 4 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
index 014d611931..d60952511b 100644
--- a/changes/en-us/2.x.md
+++ b/changes/en-us/2.x.md
@@ -78,6 +78,7 @@ Add changes here for all PR submitted to the 2.x branch.
 - [[#7743](https://github.com/seata/seata/pull/7743)] upgrade Apache Tomcat 
dependency from 9.0.108 to 9.0.109
 - [[#7740](https://github.com/apache/incubator-seata/pull/7740)] enhance 
HttpClient to support h2c
 - [[#7781](https://github.com/apache/incubator-seata/pull/7781)] highlight 
pmd-check log
+- [[#7813](https://github.com/apache/incubator-seata/pull/7813)] add decode 
buffer limit
 
 
 
diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
index aa133e3bbb..404b65620b 100644
--- a/changes/zh-cn/2.x.md
+++ b/changes/zh-cn/2.x.md
@@ -77,6 +77,7 @@
 - [[#7743](https://github.com/seata/seata/pull/7743)] 将 Apache Tomcat 依赖项从 
9.0.108 升级到 9.0.109
 - [[#7740](https://github.com/apache/incubator-seata/pull/7740)] 
优化http工具类使之支持h2c协议
 - [[#7781](https://github.com/apache/incubator-seata/pull/7781)] 高亮 pmd 检查日志信息
+- [[#7813](https://github.com/apache/incubator-seata/pull/7813)] 增加解码buffer限制
 
 
 ### security:
diff --git 
a/core/src/main/java/org/apache/seata/core/rpc/netty/ProtocolDetectHandler.java 
b/core/src/main/java/org/apache/seata/core/rpc/netty/ProtocolDetectHandler.java
index 8432f84876..6ace747c4f 100644
--- 
a/core/src/main/java/org/apache/seata/core/rpc/netty/ProtocolDetectHandler.java
+++ 
b/core/src/main/java/org/apache/seata/core/rpc/netty/ProtocolDetectHandler.java
@@ -26,9 +26,10 @@ import org.slf4j.LoggerFactory;
 
 import java.util.List;
 
+import static 
org.apache.seata.core.protocol.ProtocolConstants.MAX_FRAME_LENGTH;
+
 public class ProtocolDetectHandler extends ByteToMessageDecoder {
     private static final Logger LOGGER = 
LoggerFactory.getLogger(ProtocolDetectHandler.class);
-
     private ProtocolDetector[] supportedProtocolDetectors;
 
     public ProtocolDetectHandler(ProtocolDetector[] 
supportedProtocolDetectors) {
@@ -37,6 +38,15 @@ public class ProtocolDetectHandler extends 
ByteToMessageDecoder {
 
     @Override
     protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> 
out) throws Exception {
+        if (in.readableBytes() > MAX_FRAME_LENGTH) {
+            LOGGER.error(
+                    "Packet size {} exceeds maximum {}, closing connection 
from {}",
+                    in.readableBytes(),
+                    MAX_FRAME_LENGTH,
+                    ctx.channel().remoteAddress());
+            ctx.close(); // Close the channel if the frame length exceeds the 
maximum allowed length
+            return;
+        }
         for (ProtocolDetector protocolDetector : supportedProtocolDetectors) {
             if (protocolDetector.detect(in)) {
                 ChannelHandler[] protocolHandlers = 
protocolDetector.getHandlers();
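Review bot: The early return in `decode` leaves the oversized bytes unread in `in` when `ctx.close()` is called. `ByteToMessageDecoder` calls `decode` again from its channel-inactive path while the cumulation buffer is still readable, so this branch will most likely run a second time, logging the error and calling `ctx.close()` again. Discarding the data first avoids the repeat and lets the buffer go: add `in.skipBytes(in.readableBytes());` before `ctx.close();`. The inline comment speaks of a frame length, but the value checked is the total of accumulated unread bytes before any protocol has been detected; `// too many bytes buffered without a protocol match, drop the peer` would describe it better. The body of `decode` continues past the end of the hunk.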
diff --git 
a/core/src/main/java/org/apache/seata/core/rpc/netty/http/Http2HttpHandler.java 
b/core/src/main/java/org/apache/seata/core/rpc/netty/http/Http2HttpHandler.java
index 07172a3ad7..0ef8380500 100644
--- 
a/core/src/main/java/org/apache/seata/core/rpc/netty/http/Http2HttpHandler.java
+++ 
b/core/src/main/java/org/apache/seata/core/rpc/netty/http/Http2HttpHandler.java
@@ -44,6 +44,8 @@ import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Map;
 
+import static 
org.apache.seata.core.protocol.ProtocolConstants.MAX_FRAME_LENGTH;
+
 /**
  * The http2 http handler.
  */
@@ -68,6 +70,15 @@ public class Http2HttpHandler extends 
BaseHttpChannelHandler<Http2StreamFrame> {
                 }
             } else if (msg instanceof Http2DataFrame) {
                 Http2DataFrame dataFrame = (Http2DataFrame) msg;
+                if (dataFrame.content().readableBytes() > MAX_FRAME_LENGTH) {
+                    LOGGER.error(
+                            "Packet size {} exceeds maximum {}, closing 
connection from {}",
+                            dataFrame.content().readableBytes(),
+                            MAX_FRAME_LENGTH,
+                            ctx.channel().remoteAddress());
+                    ctx.close();
+                    return;
+                }
                 bodyBuffer.writeBytes(dataFrame.content());
                 if (dataFrame.isEndStream()) {
                     handleRequest(ctx);
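Review bot: The size check in the `Http2DataFrame` branch looks at each DATA frame on its own, while `bodyBuffer` keeps growing through `bodyBuffer.writeBytes(dataFrame.content())` until `isEndStream()` is seen. A peer that sends many frames below the limit and never ends the stream is not bounded by this check, so the aggregated body can still exceed `MAX_FRAME_LENGTH`. Checking the running total closes that gap: `if (bodyBuffer.readableBytes() + dataFrame.content().readableBytes() > MAX_FRAME_LENGTH) {`. Whether `bodyBuffer` is released on this early-close path cannot be seen from the hunk and is worth confirming; the enclosing method starts and ends outside it.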

