rpc allow creating arbitrary size of objects
--------------------------------------------

                 Key: HADOOP-6809
                 URL: https://issues.apache.org/jira/browse/HADOOP-6809
             Project: Hadoop Common
          Issue Type: Bug
          Components: io
            Reporter: Tsz Wo (Nicholas), SZE


When o.a.h.ipc.Server receives an rpc method call, it reads the parameters by
initializing an o.a.h.ipc.RPC.Invocation object, which reads the parameter
values by calling ObjectWritable.readObject(..).  However,
ObjectWritable.readObject(..) does not limit the object size and may create
objects with arbitrary size.  As a consequence, any rpc client may create large
objects in the server by passing large parameter objects.

For example, a user application may create large objects in the namenode by
calling DistributedFileSystem.setOwner(p, username, groupname) if username or
groupname are large strings.  In such a case, it could easily bring down the
namenode.
