Bela Ban resolved JGRP-2523.
----------------------------
Resolution: Done
Cap max data read by TcpConnection or NioConnection
---------------------------------------------------
Key: JGRP-2523
URL: https://issues.redhat.com/browse/JGRP-2523
Project: JGroups
Issue Type: Feature Request
Reporter: Bela Ban
Assignee: Bela Ban
Priority: Minor
Fix For: 4.2.11, 5.1.3
Both NioConnection and TcpConnection read the length (4 bytes) first, then allocate a
buffer and call InputStream.readFully().
If some random client ({{nc}}, {{curl}}, {{wget}} etc.) connects accidentally, {{length}}
might be huge and the memory allocation will fail with an OOME. This may even terminate
the JVM, e.g. if {{-XX:+ExitOnOutOfMemoryError}} is set.
Solution: introduce an attribute which caps the max length, and throws an exception
(closing the connection), avoiding reading the data. If 0, the length will not be capped.
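
The check described above, sketched as an added example (not JGroups source code): the length prefix is validated against a cap before any buffer is allocated. The names readFrame and maxLength, the 1 MiB cap, and the sample byte arrays are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Added illustration, not JGroups source. readFrame and maxLength are hypothetical names.
public class CappedFrameReader {

    /** Reads one length-prefixed frame; maxLength == 0 disables the cap. */
    static byte[] readFrame(DataInputStream in, int maxLength) throws IOException {
        int length = in.readInt();               // 4-byte big-endian length prefix
        if (length < 0)                          // extra guard added in this sketch
            throw new IOException("negative frame length " + length);
        if (maxLength > 0 && length > maxLength) // reject before allocating anything
            throw new IOException("frame length " + length + " exceeds cap " + maxLength);
        byte[] buf = new byte[length];           // allocation is bounded when a cap is set
        in.readFully(buf);
        return buf;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: the first bytes a stray HTTP client would send.
        byte[] stray = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        // "GET " read as an int is 0x47455420 = 1195725856, a buffer of about 1.1 GiB.
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(stray))) {
            readFrame(in, 1 << 20);              // 1 MiB cap (constructed value)
        } catch (IOException e) {
            // The caller would close the connection here instead of hitting an OOME.
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed well-formed frame: length 5 followed by 5 payload bytes.
        byte[] ok = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(ok))) {
            byte[] payload = readFrame(in, 1 << 20);
            System.out.println(new String(payload, StandardCharsets.US_ASCII));
        }
    }
}
```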