maedhroz commented on code in PR #3655:
URL: https://github.com/apache/cassandra/pull/3655#discussion_r1905955723


##########
src/java/org/apache/cassandra/transport/CQLMessageHandler.java:
##########
@@ -518,10 +523,29 @@ protected boolean 
processFirstFrameOfLargeMessage(IntactFrame frame, Limit endpo
             // max CQL message size defaults to 256mb, so should be safe to 
downcast
             int messageSize = Ints.checkedCast(header.bodySizeInBytes);
             receivedBytes += buf.remaining();
+
+            if (serverConnection != null && serverConnection.stage() != 
ConnectionStage.READY)
+            {
+                // Disallow any multiframe messages before the connection 
reaches the READY state.
+                // This guards against being swamped with oversize messages 
from unauthenticated
+                // clients. In this case, we raise a fatal error and close the 
connection so it does
+                // not make sense to continue processing subsequent frames
+                handleError(ProtocolException.toFatalException(new 
OversizedAuthMessageException(
+                            "The connection is not yet in a valid state to 
process multi frame CQL Messages, usually this" +
+                            "means that authentication is still pending. " +
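Review bot: the string concatenation at the end of the hunk, `"... usually this" + "means that authentication is still pending. "`, has no space between the two literals, so the rendered message reads "usually thismeans that authentication is still pending."; add a trailing space to the first literal (`"usually this "`). Moving the sentence into a single constant, as the review comment below suggests, would also keep the test and the production message from drifting apart.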

Review Comment:
   nit: It might be useful to create a constant string from this sentence, then 
check that the exception message contains it in `AuthMessageSizeLimitTest` w/ 
`Assertions.assertThatThrownBy().isInstanceOf().hasMessageContaining()`. I 
suppose there might be other `ProtocolException` possibilities, and the test 
could pass by mistake...
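To illustrate the test pattern the comment asks for, here is an added example that is not code from the PR or from Cassandra itself: `ConnectionStage`, `ProtocolException` and the `processFirstFrameOfLargeMessage` stand-in below are constructed for the example only, while `assertThatThrownBy`, `assertThatCode`, `isInstanceOf`, `hasMessageContaining` and `doesNotThrowAnyException` are the real AssertJ calls.

```java
import static org.assertj.core.api.Assertions.assertThatCode;
import static org.assertj.core.api.Assertions.assertThatThrownBy;

import org.junit.Test;

public class AuthMessageSizeLimitPatternTest
{
    // Constructed stand-ins, not the real Cassandra types referenced in the hunk.
    enum ConnectionStage { ESTABLISHED, AUTHENTICATING, READY }

    static class ProtocolException extends RuntimeException
    {
        ProtocolException(String msg) { super(msg); }
    }

    // One constant shared by production code and test, as the review comment suggests,
    // so a wording change (or a dropped space) cannot silently desynchronise the two.
    static final String MULTI_FRAME_BEFORE_READY_MESSAGE =
        "The connection is not yet in a valid state to process multi frame CQL Messages, " +
        "usually this means that authentication is still pending.";

    // Constructed model of the guard added in the hunk: a multi-frame (oversize) message
    // is rejected unless the connection has reached READY.
    static void processFirstFrameOfLargeMessage(ConnectionStage stage, int messageSize)
    {
        if (stage != ConnectionStage.READY)
            throw new ProtocolException(MULTI_FRAME_BEFORE_READY_MESSAGE + " Message size: " + messageSize);
        // normal large-message handling would continue here
    }

    @Test
    public void rejectsMultiFrameMessageBeforeReady()
    {
        // isInstanceOf alone is satisfied by any ProtocolException raised on this path;
        // hasMessageContaining pins the failure to the pre-READY guard specifically.
        assertThatThrownBy(() -> processFirstFrameOfLargeMessage(ConnectionStage.AUTHENTICATING, 10 * 1024 * 1024))
            .isInstanceOf(ProtocolException.class)
            .hasMessageContaining(MULTI_FRAME_BEFORE_READY_MESSAGE);
    }

    @Test
    public void acceptsMultiFrameMessageOnceReady()
    {
        // The same message size is fine once authentication has completed.
        assertThatCode(() -> processFirstFrameOfLargeMessage(ConnectionStage.READY, 10 * 1024 * 1024))
            .doesNotThrowAnyException();
    }
}
```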


