envoy icon indicating copy to clipboard operation
envoy copied to clipboard
verified publisher icon envoyproxy

grpc: Add support for max frame length in gPRC frame decoding

Open tyxia opened this issue 1 year ago • 2 comments

The workflow:

  • Client of gRPC decoder configure the max_frame_length via setMaxFrameLength()
  • At beginning of gRPC frame decoding process ( before frameDataStart()), total length of the frame is determined.
  • If max_frame_length is configured and total length exceeds the limit, the decoding process which includes excessive data addition/storage (i.e. frameData()) will be skipped and returned.

The use case/ motivation: Enable max_receive_message_length in Envoy-gRPC (which use gRPC decoder) .

  • When the message is over limit, it can be rejected before frame data is fully decoded (i.e. expanded).
  • This can prevent malicious attack , for example, unbounded and huge message is sent over channel and is injected and buffered in Envoy over Envoy-gRPC.

Next step:

  • Refactor bool Decoder::decode method: Change the return type from bool to absl:status so that the caller can identify whether it is decoding error or over-limit error.

tyxia avatar Feb 22 '24 03:02 tyxia

As a reminder, PRs marked as draft will not be automatically assigned reviewers, or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

:cat:

Caused by: https://github.com/envoyproxy/envoy/pull/32511 was opened by tyxia.

see: more, trace.

repokitteh-read-only[bot] avatar Feb 22 '24 03:02 repokitteh-read-only[bot]

/assign @htuch

PTAL, Thanks!

tyxia avatar Feb 22 '24 17:02 tyxia

/assign @yanavlasov

Add Yan per offline discussion

tyxia avatar Feb 28 '24 20:02 tyxia