refactor: replace all http with rpc for interaction with xLLM instance. #39
weizhehuang0827 wants to merge 1 commit into jd-opensource:main from
Code Review
This pull request refactors the communication between the xllm_service and backend xLLM instances from HTTP to RPC, a positive change intended to improve performance and simplify communication. However, a critical high-severity Denial of Service (DoS) vulnerability has been identified in the newly introduced HTTP header parsing logic. The GetJsonContentLength function in xllm_service/http_service/service.cpp uses LOG(FATAL) for missing headers and calls std::stoul on untrusted input without exception handling, which can lead to service crashes. Additionally, undefined behavior was found in the scheduler due to a missing return statement in a lambda function. Robust error handling is required to mitigate the DoS vulnerability, and the scheduler issue needs to be resolved.
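One way to handle the header parsing the review above flags, written as an added example that is not code from this pull request or from xllm_service. `ParseContentLength`, `LengthStatus`, `StatusCodeFor` and `kMaxBodyBytes` are hypothetical names, and the 64 MiB cap is an assumed value.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical cap on request bodies (assumption); size it for the deployment.
constexpr std::uint64_t kMaxBodyBytes = 64ull * 1024 * 1024;

enum class LengthStatus { kOk, kMissing, kMalformed, kTooLarge };

// Parses a Content-Length value taken from an untrusted request.
// `value` is nullptr when the header is absent. Never throws and never
// aborts the process: every bad input becomes a status for the caller.
LengthStatus ParseContentLength(const std::string* value, std::uint64_t* out) {
  if (value == nullptr) return LengthStatus::kMissing;
  // Trim optional whitespace around the field value.
  std::size_t begin = value->find_first_not_of(" \t");
  if (begin == std::string::npos) return LengthStatus::kMalformed;
  std::size_t end = value->find_last_not_of(" \t") + 1;

  std::uint64_t n = 0;
  for (std::size_t i = begin; i < end; ++i) {
    char c = (*value)[i];
    // Digits only: rejects "-1", "+5" and "12abc", which std::stoul
    // silently accepts, and "abc", on which it throws.
    if (c < '0' || c > '9') return LengthStatus::kMalformed;
    n = n * 10 + static_cast<std::uint64_t>(c - '0');
    // Checking the cap after each digit keeps n far from wrapping around.
    if (n > kMaxBodyBytes) return LengthStatus::kTooLarge;
  }
  *out = n;
  return LengthStatus::kOk;
}

// Maps the parse result to the HTTP status the handler should return.
int StatusCodeFor(LengthStatus s) {
  switch (s) {
    case LengthStatus::kOk: return 200;
    case LengthStatus::kMissing: return 411;   // Length Required
    case LengthStatus::kTooLarge: return 413;  // Content Too Large
    default: return 400;                       // Bad Request
  }
}
```
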
e0505c0 to 84df819
84df819 to c6af8ad
wait for xLLM pr 837