grpc: Add support for max frame length in gPRC frame decoding #32511
CI (Envoy) / Mobile/TSAN
skipped
Mar 2, 2024 in 0s
Check was skipped
This check was not triggered in this CI run
Details
Request (pr/32511/main@1723bff)
@tyxia 1723bff
#32511 merge
main@6231a64
grpc: Add support for max frame length in gPRC frame decoding
The workflow:
- Client of gRPC decoder configure the
max_frame_length
viasetMaxFrameLength()
- At beginning of gRPC frame decoding process ( before
frameDataStart()
), total length of the frame is determined.- If
max_frame_length
is configured and total length exceeds the limit, the decoding process which includes excessive data addition/storage (i.e. frameData()) will be skipped and returned.The use case/ motivation: Enable
max_receive_message_length
in Envoy-gRPC (which use gRPC decoder) .
- When the message is over limit, it can be rejected before frame data is fully decoded (i.e. expanded).
- This can prevent malicious attack , for example, unbounded and huge message is sent over channel and is injected and buffered in Envoy over Envoy-gRPC.
Next step:
- Refactor
bool Decoder::decode
method: Change the return type frombool
to absl:status so that the caller can identify whether it is decoding error or over-limit error.
Environment
Request variables
Key | Value |
---|---|
ref | f14caf2a4cdef4c2e91ce45548ca47de5c396494 |
sha | 1723bff |
pr | 32511 |
base-sha | 6231a64 |
actor | @tyxia |
message | grpc: Add support for max frame length in gPRC frame decoding... |
started | 1709356088.564294 |
target-branch | main |
trusted | false |
Build image
Container image/s (as used in this CI run)
Key | Value |
---|---|
default | envoyproxy/envoy-build-ubuntu:0ca52447572ee105a4730da5e76fe47c9c5a7c64 |
mobile | envoyproxy/envoy-build-ubuntu:mobile-0ca52447572ee105a4730da5e76fe47c9c5a7c64 |
Version
Envoy version (as used in this CI run)
Key | Value |
---|---|
major | 1 |
minor | 30 |
patch | 0 |
dev | true |
Loading