From 227b03fd93b6b976f5b1bfa636812dd28a50e635 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Fri, 15 Apr 2011 15:23:37 -0700 Subject: [PATCH] bug 4387: Add maximum limit to the packet, prevent OOME The OOME is due to when server reading the data, it would try to adjust the reading buffer size according to the "packet length" it read. But if the "packet length" is some random numbers, server would still try to allocate a part of very big memory for the reading buffer, result in OOM. This patch add a 64k limit to sending/receiving the packet. It's the maximum length one IP datagram can support, and we don't think the request can exceed this limit. Even if exceed the limit in normal condition, we would aware of it due to the exception. Solution has been verified using wget and telnet. status 4387: resolved fixed --- utils/src/com/cloud/utils/nio/Link.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java index 1c33fc5b1f2..4cf0a6a01b8 100755 --- a/utils/src/com/cloud/utils/nio/Link.java +++ b/utils/src/com/cloud/utils/nio/Link.java @@ -162,6 +162,10 @@ public class Link { if (s_logger.isTraceEnabled()) { s_logger.trace("Packet length is " + readSize); } + + if (readSize > 65535) { + throw new IOException("Packet is too big! Discard it. Size: " + readSize); + } _readBuffer.clear(); _readSize = false; @@ -258,6 +262,10 @@ public class Link { int remaining = data[0].getInt() + 4; data[0].reset(); + if (remaining > 65535) { + throw new IOException("Fail to send a too big packet! Size: " + remaining); + } + while (remaining > 0) { if (s_logger.isTraceEnabled()) { s_logger.trace("Writing " + remaining);