Rajini Sivaram created KAFKA-2878:
-------------------------------------

             Summary: Kafka broker throws OutOfMemory exception with invalid join group request
                 Key: KAFKA-2878
                 URL: https://issues.apache.org/jira/browse/KAFKA-2878
             Project: Kafka
          Issue Type: Bug
          Components: clients
    Affects Versions: 0.9.0.0
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
            Priority: Critical

Array allocation for join group request doesn't have any checks and hence can result in OutOfMemory exception in the broker. Array size from the request should be validated to avoid DoS attacks on a secure installation of Kafka.

{quote}
at org/apache/kafka/common/protocol/types/ArrayOf.read(ArrayOf.java:44)
at org/apache/kafka/common/protocol/types/Schema.read(Schema.java:69)
at org/apache/kafka/common/protocol/ProtoUtils.parseRequest(ProtoUtils.java:60)
at org/apache/kafka/common/requests/JoinGroupRequest.parse(JoinGroupRequest.java:144)
at org/apache/kafka/common/requests/AbstractRequest.getRequest(AbstractRequest.java:55)
at kafka/network/RequestChannel$Request.<init>(RequestChannel.scala:78)
{quote}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
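
The validation the report asks for, shown as an added example that is not part of the original issue and is not Kafka's code: a length-prefixed array reader that checks the declared element count against the bytes actually left in the request before allocating. The class name, method names and wire format are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class BoundedArrayReader {
    // Hypothetical names and wire format (not Kafka's API): int32 element
    // count, then each element as an int16 length plus that many UTF-8 bytes.
    static final int MIN_ELEMENT_BYTES = 2; // an empty string still costs 2 bytes

    static void check(boolean ok, String msg) {
        if (!ok) throw new IllegalArgumentException(msg);
    }

    static String[] readStringArray(ByteBuffer buf) {
        check(buf.remaining() >= 4, "truncated array header");
        int count = buf.getInt();
        check(count >= 0, "negative array size " + count);
        // Validate before allocating: each element needs at least
        // MIN_ELEMENT_BYTES, so a larger count cannot be genuine (long avoids overflow).
        check((long) count * MIN_ELEMENT_BYTES <= buf.remaining(),
              "array size " + count + " exceeds " + buf.remaining() + " remaining bytes");
        String[] out = new String[count];
        for (int i = 0; i < count; i++) {
            check(buf.remaining() >= 2, "truncated element length");
            int len = buf.getShort();
            check(len >= 0 && len <= buf.remaining(), "bad element length " + len);
            byte[] raw = new byte[len];
            buf.get(raw);
            out[i] = new String(raw, StandardCharsets.UTF_8);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: well-formed array ["a", "bc"].
        ByteBuffer good = ByteBuffer.allocate(11);
        good.putInt(2).putShort((short) 1).put((byte) 'a')
            .putShort((short) 2).put("bc".getBytes(StandardCharsets.UTF_8));
        good.flip();
        System.out.println(String.join(",", readStringArray(good)));
        // Constructed sample: declared count far larger than the bytes that follow.
        ByteBuffer bad = ByteBuffer.allocate(8);
        bad.putInt(Integer.MAX_VALUE).putInt(0);
        bad.flip();
        try {
            readStringArray(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the bound is derived from the bytes already received, the allocation can never exceed a small multiple of the request size, which a broker can cap separately with its maximum request size setting.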