commit c223dbced7d5a8d1920fe764cbce42cf844538e1
Author: Mohammed Naser <email address hidden>
Date: Wed Dec 1 11:19:26 2021 +0400
Bump max_buffer_size for Deserializer
Since msgpack 0.6.0, some limits were introduced for the
deserializer which were put in to avoid any denial of service
attacks using msgpack. These limits were raised to 100MiB
in the release of msgpack 1.0.0.
The default buffer sizes that were implemented were quite low
and when running certain `privsep` commands, especially for
Neutron when using linux bridge, where there is a large amount
of netdevs, privsep would crash since msgpack would fail to
decode the message since it considers it too big:
ValueError: 1174941 exceeds max_str_len(1048576)
In this commit, the `max_buffer_size` is bumped to the value
that ships with msgpack==1.0.0 to allow for users who don't
have that to continue to function. Also, since `msgpack` is
only being used by the internal API, we're not worried about
a third party coming in and overwhelming the system by
deserializing calls.
This fix also addresses some weird behaviour where privsep
will die and certain OpenStack agents would start to behave
in a strange way once they hit a certain number of ports (since
any privsep calls would start to fail).
Reviewed: https:/ /review. opendev. org/c/openstack /oslo.privsep/ +/819996 /opendev. org/openstack/ oslo.privsep/ commit/ c223dbced7d5a8d 1920fe764cbce42 cf844538e1
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit c223dbced7d5a8d 1920fe764cbce42 cf844538e1
Author: Mohammed Naser <email address hidden>
Date: Wed Dec 1 11:19:26 2021 +0400
Bump max_buffer_size for Deserializer
Since msgpack 0.6.0, some limits were introduced for the
deserializer which were put in to avoid any denial of service
attacks using msgpack. These limits were raised to 100MiB
in the release of msgpack 1.0.0.
The default buffer sizes that were implemented were quite low
and when running certain `privsep` commands, especially for
Neutron when using linux bridge, where there is a large amount
of netdevs, privsep would crash since msgpack would fail to
decode the message since it considers it too big:
ValueError: 1174941 exceeds max_str_ len(1048576)
In this commit, the `max_buffer_size` is bumped to the value
that ships with msgpack==1.0.0 to allow for users who don't
have that to continue to function. Also, since `msgpack` is
only being used by the internal API, we're not worried about
a third party coming in and overwhelming the system by
deserializing calls.
This fix also addresses some weird behaviour where privsep
will die and certain OpenStack agents would start to behave
in a strange way once they hit a certain number of ports (since
any privsep calls would start to fail).
Closes-Bug: #1844822 5377d07566317ef 0fc0d16e7cb
Closes-Bug: #1896734
Related-Bug: #1928764
Closes-Bug: #1952611
Change-Id: I135917522daff9