mridulm commented on code in PR #36116:
URL: https://github.com/apache/spark/pull/36116#discussion_r846599754
##########
core/src/main/scala/org/apache/spark/network/netty/NettyBlockRpcServer.scala:
##########
@@ -50,7 +51,17 @@ class NettyBlockRpcServer(
client: TransportClient,
rpcMessage: ByteBuffer,
responseContext: RpcResponseCallback): Unit = {
- val message = BlockTransferMessage.Decoder.fromByteBuffer(rpcMessage)
+ val message = try {
+ BlockTransferMessage.Decoder.fromByteBuffer(rpcMessage)
+ } catch {
+ case _: IndexOutOfBoundsException =>
+ // Netty throws IndexOutOfBoundsException for corrupted buffers. In
this case, we ignore
+ // the entire message with warnings because we cannot trust any
contents.
+ logWarning(s"Ignored a corrupted RPC message (capacity:
${rpcMessage.capacity()}) " +
+ s"from ${client.getSocketAddress}. Please use `spark.authenticate.*`
configurations " +
+ "in case of security incidents.")
Review Comment:
Might be a good idea to expand to atleast include the common patterns we can
observe. Top of my head, the following are possible:
* `IllegalArgumentException` - when the `type` is unknown/invalid when
decoding.
* `NegativeArraySizeException` - if the size read is invalid (negative for
example).
* `IndexOutOfBoundsException` - we are already handling it in this PR.
Rest can be enhanced in future works, thoughts ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
