[
https://issues.apache.org/jira/browse/AMQ-5777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14548612#comment-14548612
]
Timothy Bish commented on AMQ-5777:
-----------------------------------
One thing that seems odd is the continual recalculation of the maxCommandLength
and maxHeaderLength in the parseAction and parseHeaders methods. I think that
at the very least we probably don't need to check the value of the action bit
beyond checking it against the max command length each time, the current limit
of 1024 there seems a bit to large given the current values for commands in the
STOMP spec. Having a maxFrameSize so small that it stopped the action from
being read would just break the transport in any event.
Probably good to take some measurements and see what the least impact solution
would be.
> Implement and test maxFrameSize for STOMP
> -----------------------------------------
>
> Key: AMQ-5777
> URL: https://issues.apache.org/jira/browse/AMQ-5777
> Project: ActiveMQ
> Issue Type: Sub-task
> Components: Broker
> Affects Versions: 5.11.1
> Reporter: Christopher L. Shannon
> Assignee: Timothy Bish
>
> Implement and test {{maxFameSize}} for STOMP to help prevent DOS attacks.
> Testing should include TCP, SSL, NIO and NIO+SSL, etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
