Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set a configurable maximum payload size for the message decoder and add an invalid message handler to catch invalid messages #113

Closed
vietj opened this issue Sep 4, 2024 · 1 comment
Closed

Set a configurable maximum payload size for the message decoder and add an invalid message handler to catch invalid messages #113

vietj opened this issue Sep 4, 2024 · 1 comment
Assignees
@vietj
Labels
bug Something isn't working
Milestone
4.5.10

Comments

@vietj
Copy link
Member

vietj commented Sep 4, 2024
edited
Loading

Motivation:

The gRPC message decoder uses the default limit allowed by the gRPC HTTP/2 transport (2^32 bytes). The default maximum size should be smaller and configurable. This can be used to consume memory of a server or a client and is referenced as CVE-2024-8391

Changes:

Add options for configuring the maximum message size and use a lower default value (256KB) for both client and server. In addition an invalid message handler can be set on the GrpcReadStream to catch invalid message reports and let the application recover invalid messages. The invalid message handler can be triggered by a capacity overflow or a decoder exception.

Results:

gRPC server and client now uses a smaller default maximum message size which can be configured according to the application needs. Invalid message handler can also be set to catch invalid messages.
@vietj vietj added the bug Something isn't working label Sep 4, 2024
@vietj vietj added this to the 4.5.10 milestone Sep 4, 2024
@vietj vietj self-assigned this Sep 4, 2024
vietj added a commit that referenced this issue Sep 4, 2024
@vietj
Set a configurable maximum payload size for the message decoder and a…
a76b14a 
…dd an invalid message handler to catch invalid messages.

Motivation:

The gRPC message decoder uses the default limit allowed by the gRPC HTTP/2 transport (2^32 bytes). The default maximum size should be smaller and configurable.

Changes:

Add options for configuring the maximum message size and use a lower default value (256KB) for both client and server. In addition an invalid message handler can be set on the GrpcReadStream to catch invalid message reports and let the application recover invalid messages. The invalid message handler can be triggered by a capacity overflow or a decoder exception.

Results:

gRPC server and client now uses a smaller default maximum message size which can be configured according to the application needs. Invalid message handler can also be set to catch invalid messages.

Fixes #113
@vietj vietj closed this as completed Sep 4, 2024
This was referenced Sep 5, 2024
Closed
Closed
@sarah-jay-peper
Copy link

Hi!

Thank you for creating this fix.

We have updated our services to 4.5.10 quite quickly and got a tiny bit burned by the surprisingly low default limit, tho. Could the default limit be raised to the 4MB limit of gRPC itself?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vietj vietj

Labels
bug Something isn't working
Projects
None yet
Milestone
4.5.10
Development

No branches or pull requests
2 participants
@vietj @sarah-jay-peper