KIP-498 — Add client-side configuration for maximum response size to protect against OOM
Discussion Client
KIP-498 adds a `max.response.size` client-side config that is passed to `NetworkReceive` as the maximum allowable response size. When the 4-byte size prefix the client reads from a malformed response exceeds that limit, the client throws `InvalidReceiveException` instead of attempting to allocate a multi-hundred-MB buffer. The problem is triggered when a producer configured with `security.protocol=PLAINTEXT` connects to an SSL listener: the broker answers with a TLS alert, the client interprets the first four bytes of that alert as the response size prefix, those bytes decode to roughly 350 MB, and the resulting allocation attempt causes an OOM on the client.
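As an added illustration (not code from the KIP or from the Kafka code base), the following Python models the size-prefix check that KIP-498 puts in front of the buffer allocation. The TLS alert bytes, the Kafka frame, the `100 MB` limit and all function names are constructed assumptions, not values taken from the KIP.

```python
import struct


class InvalidReceiveException(Exception):
    """Stand-in for the Kafka client exception raised on a bad size prefix."""


UNLIMITED = -1


def read_size_prefix(data: bytes, max_size: int = UNLIMITED) -> int:
    """Decode the 4-byte big-endian size that frames every Kafka response.

    Returns the announced payload size, or raises InvalidReceiveException
    when it is negative or larger than max_size (the KIP-498 guard).
    Without the guard the caller would allocate a buffer of that size.
    """
    if len(data) < 4:
        raise ValueError("need at least 4 bytes for the size prefix")
    (size,) = struct.unpack(">i", data[:4])
    if size < 0:
        raise InvalidReceiveException(f"Invalid receive (size = {size})")
    if max_size != UNLIMITED and size > max_size:
        raise InvalidReceiveException(
            f"Invalid receive (size = {size} larger than {max_size})")
    return size


def bytes_to_allocate(data: bytes, max_size: int = UNLIMITED):
    """Buffer size the receive path would allocate; None when the guard rejects it."""
    try:
        return read_size_prefix(data, max_size)
    except InvalidReceiveException:
        return None


# Constructed sample: a TLS 1.0 record-layer alert (fatal handshake_failure)
# such as an SSL listener returns to a plaintext client. Content type 0x15,
# version 0x03 0x01, length 0x00 0x02, level 0x02, description 0x28.
TLS_ALERT = bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28])

# Constructed sample: a well-formed Kafka frame announcing a 12-byte payload.
KAFKA_FRAME = struct.pack(">i", 12) + b"\x00" * 12

# Assumed max.response.size value for this demo; not the KIP's default.
ASSUMED_MAX_RESPONSE_SIZE = 100 * 1024 * 1024

if __name__ == "__main__":
    # Unbounded: 0x15030100 is read as a ~350 MB response size.
    print(read_size_prefix(TLS_ALERT))
    # Guarded: the alert is rejected before any allocation.
    print(bytes_to_allocate(TLS_ALERT, ASSUMED_MAX_RESPONSE_SIZE))
    print(read_size_prefix(KAFKA_FRAME, ASSUMED_MAX_RESPONSE_SIZE))
```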
Details
| Field | Value |
|---|---|
| Author | Alexandre Dupriez |
| Status | Discussion |
| JIRA | KAFKA-4090 |
| Wiki | View on Apache Wiki |
| Created | 2019-07-28 |
| Last Modified | 2019-08-06 |