cshannon opened a new pull request, #2065: URL: https://github.com/apache/activemq/pull/2065
This update makes the following changes to improve validation for the Stomp transport: * Verifies that the first frame seen by the server is either a CONNECT (or FRAME) frame. * Verifies that a duplicate CONNECT (or FRAME) frame is not received. * Adds validation to make sure a content-length header that is set is not negative. * Adds a new server mode (default true) to the Stomp wireformat to handle the validation differences between clients and servers. Client mode is only used for testing (currently). Also adds the option to configure using the StompWireFormatFactory in case there is a future use case. * Centralizes the state tracking for frame size validation and for the new validation checks inside StompWireFormat so that it is shared by NIO, non-NIO and WS transports. * Adds tests to verify everything for the NIO transports, non-NIO transprots and WS transports. If any of these new validation checks throw a protocol error then it is marked as a fatal exception, an error is sent to the client and connection closed. Both NIO and non-NIO will stop parsing the rest of the frame on error, but only NIO transport errors will stop reading the frame from the socket buffer because non NIO requires reading the entire frame into a buffer first to validate. (cherry picked from commit 1493db95b5918d4f4a305fd1df8155f57c38850b) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information, visit: https://activemq.apache.org/contact
