Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0
    • Fix Version/s: 1.2
    • Component/s: None
    • Labels:
      None
    • Environment:

      GlassFish Server Open Source Edition 4.0 (build 89)

      Description

      The following simple test case causes OutOfMemorryError on the server side:

      final WebSocketContainer container = ContainerProvider
      .getWebSocketContainer();
      final Session session = container.connectToServer(Client.class,
      new URI("ws://localhost:8080/test/test"));
      final ByteBuffer buf = ByteBuffer.allocate(200 * 1024 * 1024);
      buf.position(buf.limit() - 1);
      session.getAsyncRemote().sendObject(buf);

      Setting the session.setMaxBinaryMessageBufferSize(4 * 1024) on the server endpoint does nothing. Moreover, while reading the message, the server process consumes 70% of CPU. This issue looks like DDoS vulnerability.

      Here is the error stack trace from the server log:

      java.lang.OutOfMemoryError: Java heap space
      at org.glassfish.tyrus.servlet.TyrusHttpUpgradeHandler.fillBuf(TyrusHttpUpgradeHandler.java:181)
      at org.glassfish.tyrus.servlet.TyrusHttpUpgradeHandler.onDataAvailable(TyrusHttpUpgradeHandler.java:105)
      at org.apache.catalina.connector.InputBuffer$ReadHandlerImpl.processDataAvailable(InputBuffer.java:488)
      at org.apache.catalina.connector.InputBuffer$ReadHandlerImpl.onDataAvailable(InputBuffer.java:453)
      at org.glassfish.grizzly.http.io.InputBuffer.append(InputBuffer.java:855)
      at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:222)
      at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
      at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
      at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
      at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
      at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
      at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
      at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
      at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
      at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
      at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
      at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
      at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
      at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
      at java.lang.Thread.run(Thread.java:724)]]

        Activity

        andrey_pavlenko created issue -
        Pavel Bucek made changes -
        Field Original Value New Value
        Assignee Pavel Bucek [ pavel_bucek ]
        Pavel Bucek made changes -
        Fix Version/s 1.2 [ 16550 ]
        Affects Version/s 1.0 [ 16078 ]
        Hide
        Pavel Bucek added a comment -

        fixed in the trunk, rev 735; you can now set property org.glassfish.tyrus.servlet.incoming-buffer-size to limit buffer size (in bytes). Default value is 4M + 11b (should be able to handle 4M payload).

        Feel free to comment/reopen if you have related questions or suggestions.

        Thanks!

        Show
        Pavel Bucek added a comment - fixed in the trunk, rev 735; you can now set property org.glassfish.tyrus.servlet.incoming-buffer-size to limit buffer size (in bytes). Default value is 4M + 11b (should be able to handle 4M payload). Feel free to comment/reopen if you have related questions or suggestions. Thanks!
        Pavel Bucek made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Pavel Bucek
            Reporter:
            andrey_pavlenko
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: