The connection pool trusts the shard id reported by the server and later indexes the per-shard connection array with it.
Code permalink:
|
let shard_info = connection.get_shard_info().as_ref(); |
Shard metadata validation ensures the shard count is nonzero, but it does not reject a shard id greater than or equal to the shard count. A malformed or buggy server response can therefore panic the pool worker instead of being treated as invalid sharding information.
Suggested direction: validate that the reported shard id is strictly less than the reported shard count before resizing/indexing the per-shard pool state.
The connection pool trusts the shard id reported by the server and later indexes the per-shard connection array with it.
Code permalink:
scylla-rust-driver/scylla/src/network/connection_pool.rs
Line 826 in e04a12a
Shard metadata validation ensures the shard count is nonzero, but it does not reject a shard id greater than or equal to the shard count. A malformed or buggy server response can therefore panic the pool worker instead of being treated as invalid sharding information.
Suggested direction: validate that the reported shard id is strictly less than the reported shard count before resizing/indexing the per-shard pool state.