Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

grpc: Add support for max frame length in gPRC frame decoding #32511

Merged
merged 9 commits into from
Mar 6, 2024

test

1723bff
Select commit
Loading
Failed to load commit list.
Merged

grpc: Add support for max frame length in gPRC frame decoding #32511

test
1723bff
Select commit
Loading
Failed to load commit list.
CI (Envoy) / Mobile/Compile time options succeeded Mar 2, 2024 in 2m 44s

Mobile/Compile time options (success)

Check has finished

Details

Check run finished (success ✔️)

The check run can be viewed here:

Mobile/Compile time options (pr/32511/main@1723bff)

Check started by

Request (pr/32511/main@1723bff)

tyxia @tyxia 1723bff #32511 merge main@6231a64

grpc: Add support for max frame length in gPRC frame decoding

The workflow:

  • Client of gRPC decoder configure the max_frame_length via setMaxFrameLength()
  • At beginning of gRPC frame decoding process ( before frameDataStart()), total length of the frame is determined.
  • If max_frame_length is configured and total length exceeds the limit, the decoding process which includes excessive data addition/storage (i.e. frameData()) will be skipped and returned.

The use case/ motivation: Enable max_receive_message_length in Envoy-gRPC (which use gRPC decoder) .

  • When the message is over limit, it can be rejected before frame data is fully decoded (i.e. expanded).
  • This can prevent malicious attack , for example, unbounded and huge message is sent over channel and is injected and buffered in Envoy over Envoy-gRPC.

Next step:

  • Refactor bool Decoder::decode method: Change the return type from bool to absl:status so that the caller can identify whether it is decoding error or over-limit error.
Environment

Request variables

Key Value
ref f14caf2a4cdef4c2e91ce45548ca47de5c396494
sha 1723bff
pr 32511
base-sha 6231a64
actor tyxia @tyxia
message grpc: Add support for max frame length in gPRC frame decoding...
started 1709356088.564294
target-branch main
trusted false
Build image

Container image/s (as used in this CI run)

Key Value
default envoyproxy/envoy-build-ubuntu:0ca52447572ee105a4730da5e76fe47c9c5a7c64
mobile envoyproxy/envoy-build-ubuntu:mobile-0ca52447572ee105a4730da5e76fe47c9c5a7c64
Version

Envoy version (as used in this CI run)

Key Value
major 1
minor 30
patch 0
dev true