Jens Deppe created GEODE-9676:
---------------------------------

             Summary: Limit Radish RESP bulk input sizes for unauthenticated connections
                 Key: GEODE-9676
                 URL: https://issues.apache.org/jira/browse/GEODE-9676
             Project: Geode
          Issue Type: Test
          Components: redis
            Reporter: Jens Deppe


Redis recently implemented a response to a CVE which allows for unauthenticated 
users to craft RESP requests which consume a lot of memory. Our implementation 
suffers from the same problem.

For example, a command input starting with `*<MAX_INT>` would result in the JVM 
trying to allocate an array of size `MAX_INT`. 

We need to be able to provide the same safeguards as Redis does.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
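
The safeguard requested in the issue above, sketched as an added example (not Geode's or Redis's own code): the declared length in a `*<n>` or `$<n>` header is checked against a cap before anything is allocated. The class name, method name and all four limit values are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;

public class RespHeaderLimits {
    // Assumed caps (illustrative values, not taken from the issue).
    static final int UNAUTH_MAX_ARRAY_ELEMENTS = 10;
    static final int UNAUTH_MAX_BULK_BYTES = 16 * 1024;
    static final int AUTH_MAX_ARRAY_ELEMENTS = 1024 * 1024;
    static final int AUTH_MAX_BULK_BYTES = 512 * 1024 * 1024;

    /**
     * Parses a request header of the form "*<n>\r\n" or "$<n>\r\n" and returns n.
     * Throws before the caller has a chance to size a buffer or array from n.
     * Negative lengths are rejected as non-digits.
     */
    static int readDeclaredLength(byte[] in, boolean authenticated) {
        if (in.length < 4 || (in[0] != '*' && in[0] != '$')) {
            throw new IllegalArgumentException("not a RESP array or bulk header");
        }
        boolean array = in[0] == '*';
        int limit = array
            ? (authenticated ? AUTH_MAX_ARRAY_ELEMENTS : UNAUTH_MAX_ARRAY_ELEMENTS)
            : (authenticated ? AUTH_MAX_BULK_BYTES : UNAUTH_MAX_BULK_BYTES);
        long n = 0;
        int i = 1;
        for (; i < in.length && in[i] != '\r'; i++) {
            int digit = in[i] - '0';
            if (digit < 0 || digit > 9) {
                throw new IllegalArgumentException("non-digit in declared length");
            }
            n = n * 10 + digit;
            if (n > limit) { // checked after every digit, so n cannot overflow
                throw new IllegalArgumentException(
                    (array ? "array" : "bulk") + " length exceeds limit " + limit);
            }
        }
        if (i == 1 || i + 1 >= in.length || in[i + 1] != '\n') {
            throw new IllegalArgumentException("length not terminated by CRLF");
        }
        return (int) n; // safe: n <= limit <= Integer.MAX_VALUE
    }

    public static void main(String[] args) {
        // Constructed sample headers, all from an unauthenticated connection.
        String[] samples = {"*3\r\n", "$5\r\n", "*2147483647\r\n", "$2147483647\r\n"};
        for (String s : samples) {
            try {
                int n = readDeclaredLength(s.getBytes(StandardCharsets.US_ASCII), false);
                System.out.println(s.trim() + " accepted, n=" + n);
            } catch (IllegalArgumentException e) {
                System.out.println(s.trim() + " rejected: " + e.getMessage());
            }
        }
    }
}
```

A connection handler would call the check with `authenticated` set from its own session state and close the connection on rejection instead of reading further input.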