[
https://issues.apache.org/jira/browse/KAFKA-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16695808#comment-16695808
]
ASF GitHub Bot commented on KAFKA-4493:
---------------------------------------
stanislavkozlovski opened a new pull request #5940: KAFKA-4493: Throw
InvalidTransportLayerException when a plaintext client receives a TLS response
URL: https://github.com/apache/kafka/pull/5940
Currently, if a client if misconfigured to not use `ssl` and conencts to a
broker with SSL listeners, the broker responds with a TLS Alert response.
The client interprets the first 4 TLS alert response bytes as the size of
the response, resulting in it trying to allocate `352518912` bytes.
This either raises an `OutOfMemory` exception or stalls on the `allocate()`
call. Either way, we should fatally throw a more clear exception so the user
can know what is wrong.
I personally spent more time than I'm comfortable sharing debugging this
issue and I'd like to see it improved.
# Implementation
On the first read of a `PlaintextTransportLayer` channel, we check against
the pre-defined TLS alert headers, which consist of the alert byte `0x15` and
the TLS version `0301`,`0302`, `0303`.
I believe that it should be alright to close such responses since we would
never expect to receive a 3mb response on the first response in a
newly-established connection since we should at least verify `API_VERSIONS`
first.
I'm not entirely certain whether this warrants creation of a KIP since we
are raising a new exception - `InvalidTransportLayerException`. That is not
publicly exposed, right?
cc @rajinisivaram for review
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Connections to Kafka brokers should be validated
> ------------------------------------------------
>
> Key: KAFKA-4493
> URL: https://issues.apache.org/jira/browse/KAFKA-4493
> Project: Kafka
> Issue Type: Improvement
> Components: clients
> Reporter: Ismael Juma
> Assignee: Stanislav Kozlovski
> Priority: Major
>
> There have been a few reports of Kafka clients throwing an OOM because they
> read 4 bytes from the stream and then use that to allocate a ByteBuffer
> without validating that they are using the right security protocol or even
> communicating with a Kafka broker.
> It would be good to perform some validation in order to show a useful error
> message to the user instead of the OOM.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
