open-telemetry/otel-arrow

(otelarrowreceiver): blocking clients that misuse the otlp-pdata-size header

Opened this issue · 0 comments

After #181 is merged, there is a potential vulnerability where clients can misuse the otlp-pdata-size header that the otelarrowexporter adds to outgoing requests. This header is meant to allow the receiver to know the uncompressed size of the incoming request without doing any decompression or translation/allocations into pdata objects, so that we can have finer control over the in-flight memory usage within the receiver.

However, as was pointed out in #181 (comment), this header could be misused with values much larger than the actual uncompressed size and potentially block our receivers from processing any other requests. We need a method to identify clients that misuse this header and ban them from sending subsequent requests to ensure the availability of our server.
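One way the receiver could detect and block this kind of misuse is to reserve in-flight memory from the declared header value, then compare that declaration with the size actually observed once the request is decoded, and strike clients whose declarations are consistently inflated. The sketch below is an added example written for this issue; it is not otel-arrow code and does not use the real receiver's admission logic. The `Controller` type, the `tolerance` ratio, the strike threshold, the client identifier string, and the error values are all assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"sync"
)

// Hypothetical admission controller (added example, not otel-arrow code).
// Memory is reserved from the otlp-pdata-size value a client declares, and
// the declaration is checked against the decoded size afterwards. A client
// whose declared/actual ratio exceeds tolerance too many times is blocked.

var (
	ErrHeaderInvalid = errors.New("otlp-pdata-size header invalid")
	ErrTooLarge      = errors.New("declared size exceeds available in-flight budget")
	ErrBlocked       = errors.New("client blocked for otlp-pdata-size misuse")
)

type Controller struct {
	mu        sync.Mutex
	limit     int64           // total in-flight bytes the receiver will hold
	inflight  int64           // bytes currently reserved by admitted requests
	tolerance float64         // declared/actual ratio above which a strike is recorded
	maxStrike int             // strikes before a client is blocked
	strikes   map[string]int  // client id -> strikes so far
	blocked   map[string]bool // client id -> blocked
}

func NewController(limit int64, tolerance float64, maxStrike int) *Controller {
	return &Controller{limit: limit, tolerance: tolerance, maxStrike: maxStrike,
		strikes: map[string]int{}, blocked: map[string]bool{}}
}

// ParseSizeHeader parses the header value; non-numeric or negative values are rejected.
func ParseSizeHeader(v string) (int64, error) {
	n, err := strconv.ParseInt(v, 10, 64)
	if err != nil || n < 0 {
		return 0, ErrHeaderInvalid
	}
	return n, nil
}

// Admit reserves `declared` bytes for client. The returned release function
// must be called once with the actual decoded size to free the reservation
// and to record a strike if the declaration was inflated.
func (c *Controller) Admit(client string, declared int64) (func(actual int64), error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.blocked[client] {
		return nil, ErrBlocked
	}
	if declared > c.limit-c.inflight {
		return nil, ErrTooLarge
	}
	c.inflight += declared
	return func(actual int64) {
		c.mu.Lock()
		defer c.mu.Unlock()
		c.inflight -= declared
		// With actual == 0 any positive declaration is a strike; a legitimate
		// empty request declares 0 and passes.
		if float64(declared) > c.tolerance*float64(actual) {
			c.strikes[client]++
			if c.strikes[client] >= c.maxStrike {
				c.blocked[client] = true
			}
		}
	}, nil
}

func (c *Controller) Inflight() int64 { c.mu.Lock(); defer c.mu.Unlock(); return c.inflight }

func (c *Controller) IsBlocked(client string) bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.blocked[client]
}

func main() {
	// Constructed scenario: a 1000-byte budget, 2x tolerance, block after 2 strikes.
	c := NewController(1000, 2.0, 2)
	for i := 0; i < 3; i++ {
		rel, err := c.Admit("client-a", 900) // declares 900 bytes ...
		if err != nil {
			fmt.Println("client-a:", err)
			break
		}
		rel(10) // ... but only 10 bytes decode: inflated, strike recorded
	}
	fmt.Println("client-a blocked:", c.IsBlocked("client-a"))
}
```

The release callback is what makes the check cheap: the reservation is taken from the header before any decompression, exactly as the issue describes, and the comparison only happens after the work the receiver was going to do anyway.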