Skip to content
This repository has been archived by the owner on May 23, 2024. It is now read-only.

Check for unreasonable data in binary propagation #529

Merged
merged 2 commits into from
Apr 11, 2021
Merged

Check for unreasonable data in binary propagation #529

merged 2 commits into from
Apr 11, 2021

Conversation

bboreham
Copy link
Contributor

@bboreham bboreham commented Aug 29, 2020
edited
Loading

Which problem is this PR solving?

Protect against data corruption between binary Inject and Extract.
E.g. somebody passed in base64 data without remembering to decode it...

Short description of the changes

Assume the data is corrupt and return an error instead of attempting to allocate hundreds of megabytes.

The test I have added still fails without the new checks, but takes about 6 seconds longer because make(map[string]string, 1094795585) is quite slow and requires 5GB of RAM.

@codecov
Copy link

codecov bot commented Aug 29, 2020
edited
Loading

Codecov Report

Merging #529 (0e95726) into master (967f9c3) will decrease coverage by 0.04%.
The diff coverage is 50.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #529      +/-   ##
==========================================
- Coverage   88.57%   88.53%   -0.05%     
==========================================
  Files          61       61              
  Lines        3318     3322       +4     
==========================================
+ Hits         2939     2941       +2     
- Misses        252      253       +1     
- Partials      127      128       +1
Impacted Files Coverage Δ
propagation.go 71.22% <50.00%> (-0.63%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 967f9c3...0e95726. Read the comment docs.

yurishkuro
yurishkuro reviewed Aug 29, 2020
View reviewed changes
propagation.go Outdated
// the data is corrupted, to protect against running out of memory
const (
maxBinaryBaggage = 1024 * 1024
maxBinaryValueLen = 100 * 1024 * 1024
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think these huge values make sense. W3C baggage is limited to 8k (https://github.com/w3c/baggage/blob/master/baggage/HTTP_HEADER_FORMAT.md#limits).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah fair enough. I looked in OpenTracing and didn’t see any recommended sizes or limits.

Any thoughts on key/value limits?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's use w3c baggage limits

  • Maximum number of name-value pairs: 180.
  • Maximum number of bytes per a single name-value pair: 4096.
  • Maximum total length of all name-value pairs: 8192.

@yurishkuro
Copy link
Member

@bboreham are you still interested in this change?

@bboreham
Copy link
Contributor Author

Fairly interested; it cost me a lot of time to figure out the problem when I tripped over it, so just trying to save the next person.

I have updated it to use W3C limits as you suggested, though now I look at it again I think they should be applied on the Inject side, so if you have gone over those limits you get the error in a more useful place.

@yurishkuro
Copy link
Member

Please rebase on master, it should fix the checks failures.

bboreham added 2 commits April 10, 2021 14:52
@bboreham
Check for unreasonable data in binary propagation
e3037b2 
Assume the data is corrupt and return an error instead of attempting
to allocate hundreds of megabytes.

Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
@bboreham
Change to W3C limits
0e95726 
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
@bboreham bboreham force-pushed the protect-binary-overload branch from ad05894 to 0e95726 Compare April 10, 2021 14:53
@bboreham bboreham requested a review from a team as a code owner April 10, 2021 14:53
@bboreham bboreham requested review from objectiser and removed request for a team April 10, 2021 14:53
@yurishkuro
Copy link
Member

not sure why CI is not running

@yurishkuro yurishkuro closed this Apr 10, 2021
@yurishkuro yurishkuro reopened this Apr 10, 2021
@yurishkuro yurishkuro merged commit 99ac6dc into jaegertracing:master Apr 11, 2021
This was referenced Apr 15, 2021
Closed
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@yurishkuro yurishkuro yurishkuro approved these changes

@objectiser objectiser Awaiting requested review from objectiser

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bboreham @yurishkuro