Ilya Kazakov created IGNITE-15921: ------------------------------------- Summary: Vulnerability in thin client protocol leads to OOM Key: IGNITE-15921 URL: https://issues.apache.org/jira/browse/IGNITE-15921 Project: Ignite Issue Type: Improvement Components: thin client Affects Versions: 2.11 Reporter: Ilya Kazakov
As thin client protocol interprets first 4 bytes as message size and allocate array for it. Any "big" 4 bytes sent on thin client port could leads to OOM. Some ideas to resolve: - print WARN in case of big client message - allocate array not for all message, but allocate it gradually. - read more then first4 bytes to understand is it real client message, or it is some trash. -- This message was sent by Atlassian Jira (v8.20.1#820001)