From c223dbced7d5a8d1920fe764cbce42cf844538e1 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Wed, 1 Dec 2021 11:19:26 +0400 Subject: [PATCH] Bump max_buffer_size for Deserializer Since msgpack 0.6.0, some limits were introduced for the deserializer which were put in to avoid any denial of service attacks using msgpack. These limits were raised to 100MiB in the release of msgpack 1.0.0. The default buffer sizes that were implemented were quite low and when running certain `privsep` commands, especially for Neutron when using linux bridge, where there is a large amount of netdevs, privsep would crash since msgpack would fail to decode the message since it considers it too big: ValueError: 1174941 exceeds max_str_len(1048576) In this commit, the `max_buffer_size` is bumped to the value that ships with msgpack==1.0.0 to allow for users who don't have that to continue to function. Also, since `msgpack` is only being used by the internal API, we're not worried about a third party coming in and overwhelming the system by deserializing calls. This fix also addresses some weird behaviour where privsep will die and certain OpenStack agents would start to behave in a strange way once they hit a certain number of ports (since any privsep calls would start to fail). Closes-Bug: #1844822 Closes-Bug: #1896734 Related-Bug: #1928764 Closes-Bug: #1952611 Change-Id: I135917522daff95377d07566317ef0fc0d16e7cb --- oslo_privsep/comm.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oslo_privsep/comm.py b/oslo_privsep/comm.py index c609a87..9de82b4 100644 --- a/oslo_privsep/comm.py +++ b/oslo_privsep/comm.py @@ -72,7 +72,8 @@ class Deserializer(six.Iterator): self.readsock = readsock self.unpacker = msgpack.Unpacker(use_list=False, raw=False, strict_map_key=False, - unicode_errors='surrogateescape') + unicode_errors='surrogateescape', + max_buffer_size=100 * 1024 * 1024) def __iter__(self): return self