I’ve moved further discussion of this issue to [email protected].
Andy LoPresto
[email protected]
[email protected]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69

> On Mar 23, 2017, at 10:26 AM, Ke Yang (Conan) <[email protected]> wrote:
>
> Folks,
> We use NiFi which embeds Jetty Server. Our test team found a security bug
> by intercepting the http request and replacing the header with a huge (say
> 1GB) text, which sent the response to NCM, which got OOM:
>
> 2017-03-07 03:44:03,522 WARN [NiFi Web Server-22]
> o.a.n.c.m.impl.HttpRequestReplicatorImpl Node request for
> [id=99a65e79-b856-4e43-9056-1451714498fc, apiAddress=129.188.35.109,
> apiPort=38484, socketAddress=129.188.35.109, socketPort=39494,
> siteToSiteAddress=129.188.35.109, siteToSitePort=null] encountered exception:
> java.util.concurrent.ExecutionException: java.lang.OutOfMemoryError: Java
> heap space
>
> We tried setResponseHeaderSize here
> http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/HttpConfiguration.html#setResponseHeaderSize-int-
> but it didn't seem to work: it seems to us that the huge fake header got
> received before this limit takes effect, as a result, the NCM got OOM in the
> first place.
>
> Are we missing anything, or is there a potential bug with
> setResponseHeaderSize, please?
>
> Btw, we also wonder if below workaround would work?
> 1. Increase Nifi bootstrap.conf JVM heap size such as xmx8g
> 2. Set connection timeout
> http://apache-nifi-developer-list.39713.n7.nabble.com/nifi-Cluster-setup-issue-td2988.html
> nifi.cluster.manager.node.api.connection.timeout=30 sec
> nifi.cluster.manager.node.api.read.timeout=30 sec
>
> Thanks,
> Conan&Sherry
