hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsz Wo (Nicholas), SZE (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HADOOP-6809) RPC allows clients to create objects with arbitrary size on the server
Date Fri, 04 Jun 2010 02:35:54 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-6809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tsz Wo (Nicholas), SZE updated HADOOP-6809:
-------------------------------------------

    Summary: RPC allows clients to create objects with arbitrary size on the server  (was:
rpc allow creating arbitrary size of objects)

> RPC allows clients to create objects with arbitrary size on the server
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-6809
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6809
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: ipc
>            Reporter: Tsz Wo (Nicholas), SZE
>
> When o.a.h.ipc.Server receives a rpc method call, it reads the parameters by initializing
an o.a.h.ipc.RPC.Invocation object, which read the parameter values by calling ObjectWritable.readObject(..).
 However, ObjectWritable.readObject(..) does not limit the object size and may create objects
with arbitrary size.  As a consequence, any rpc client may create large objects in the server
by passing large parameter objects.
> For example, a user application may creates large objects in the namenode by calling
DistributedFileSystem.setOwner(p, username, groupname) if username or groupname are large
strings.  In such case, it could easily bring down the namenode.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message