Skip to content

[v25.3.x] [CORE-15247] kafka: add size validation to string & arrays read off the wire#29227

Merged
michael-redpanda merged 3 commits intoredpanda-data:v25.3.xfrom
vbotbuildovich:backport-pr-29208-v25.3.x-321
Jan 12, 2026
Merged

[v25.3.x] [CORE-15247] kafka: add size validation to string & arrays read off the wire#29227
michael-redpanda merged 3 commits intoredpanda-data:v25.3.xfrom
vbotbuildovich:backport-pr-29208-v25.3.x-321

Conversation

@vbotbuildovich
Copy link
Copy Markdown
Collaborator

@vbotbuildovich vbotbuildovich commented Jan 12, 2026

Backport of PR #29208

WillemKauf and others added 3 commits January 12, 2026 13:35
@WillemKauf @vbotbuildovich
kafka: pre-validate sizes when reading off the wire
3d2b710 
For string, array, and number of tags.

(cherry picked from commit 13d3f76)
@WillemKauf @vbotbuildovich
kafka: add extra logging detail in connection_context
ccc16a2 
(cherry picked from commit 61bfa92)
@WillemKauf @claude @vbotbuildovich
kafka: add unit tests for wire protocol validation
f97e499 
Add wire_validation_test.cc with tests that verify bounds checking
and error handling in the Kafka protocol decoder. Tests cover:
- Array length validation (exceeds buffer, negative, max int32)
- Flex array validation (exceeds buffer, zero length)
- String/flex string validation (exceeds buffer, negative/zero length)
- Bytes/flex bytes validation
- Tagged fields validation (count exceeds buffer, duplicate/non-ascending
  IDs, size exceeds buffer)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
(cherry picked from commit a78c238)
@vbotbuildovich vbotbuildovich added this to the v25.3.x-next milestone Jan 12, 2026
@vbotbuildovich vbotbuildovich added the kind/backport PRs targeting a stable branch label Jan 12, 2026
@michael-redpanda michael-redpanda merged commit da0b22e into redpanda-data:v25.3.x Jan 12, 2026
19 checks passed
@tyson-redpanda tyson-redpanda modified the milestones: v25.3.x-next, v25.3.5 Jan 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WillemKauf WillemKauf WillemKauf approved these changes

Assignees

No one assigned

Labels

area/build area/redpanda kind/backport PRs targeting a stable branch

Projects

None yet

Milestone

v25.3.5

Development

Successfully merging this pull request may close these issues.

4 participants

@vbotbuildovich @WillemKauf @michael-redpanda @tyson-redpanda