Ilya Kazakov created IGNITE-15921:
-------------------------------------
Summary: Vulnerability in thin client protocol leads to OOM
Key: IGNITE-15921
URL: https://issues.apache.org/jira/browse/IGNITE-15921
Project: Ignite
Issue Type: Improvement
Components: thin client
Affects Versions: 2.11
Reporter: Ilya Kazakov
As thin client protocol interprets first 4 bytes as message size and allocate
array for it. Any "big" 4 bytes sent on thin client port could leads to OOM.
Some ideas to resolve:
- print WARN in case of big client message
- allocate array not for all message, but allocate it gradually.
- read more then first4 bytes to understand is it real client message, or it
is some trash.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
