[
https://issues.apache.org/jira/browse/AMQ-5777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14545747#comment-14545747
]
Christopher L. Shannon commented on AMQ-5777:
---------------------------------------------
Timothy,
I took a look today at {{StompWireFormat}} and there is a check for max content
length as you mentioned (as well as a couple of other checks for things like
header length). However, there isn't a check against maxFrameSize for the
overall frame like OpenWire provides. I can go ahead and add a maxFrameSize
check during unmarshalling to check against the sum of the entire frame
(action, headers, and the content). I'll push up a pull request with tests
when I'm done so you can take a look.
Chris
> Implement and test maxFrameSize for STOMP
> -----------------------------------------
>
> Key: AMQ-5777
> URL: https://issues.apache.org/jira/browse/AMQ-5777
> Project: ActiveMQ
> Issue Type: Sub-task
> Components: Broker
> Affects Versions: 5.11.1
> Reporter: Christopher L. Shannon
>
> Implement and test {{maxFameSize}} for STOMP to help prevent DOS attacks.
> Testing should include TCP, SSL, NIO and NIO+SSL, etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
