dongjoon-hyun commented on code in PR #36116:
URL: https://github.com/apache/spark/pull/36116#discussion_r846261413
##########
core/src/main/scala/org/apache/spark/network/netty/NettyBlockRpcServer.scala:
##########
@@ -50,7 +51,17 @@ class NettyBlockRpcServer(
client: TransportClient,
rpcMessage: ByteBuffer,
responseContext: RpcResponseCallback): Unit = {
- val message = BlockTransferMessage.Decoder.fromByteBuffer(rpcMessage)
+ val message = try {
+ BlockTransferMessage.Decoder.fromByteBuffer(rpcMessage)
+ } catch {
+ case _: IndexOutOfBoundsException =>
+ // Netty throws IndexOutOfBoundsException for corrupted buffers. In
this case, we ignore
+ // the entire message with warnings because we cannot trust any
contents.
+ logWarning(s"Ignored a corrupted RPC message (capacity:
${rpcMessage.capacity()}) " +
+ s"from ${client.getSocketAddress}. Please use `spark.authenticate.*`
configurations " +
+ "in case of security incidents.")
Review Comment:
Thank you for review. Yes, this code path has also more exception types like
`RuntimeException` (due to `IOException`) and `UnsupportedOperationException`.
We can add some of them more.
However, currently, this PR focused on random attacks which causes failures
mostly at the first field, `appId` decoding which are observed during testing.
```
String appId = Encoders.Strings.decode(buf);
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
