[jira] [Comment Edited] (AMQ-5777) Implement and test maxFrameSize for STOMP

Tue, 19 May 2015 12:54:13 -0700 

    [ 
https://issues.apache.org/jira/browse/AMQ-5777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14551095#comment-14551095
 ] 

Timothy Bish edited comment on AMQ-5777 at 5/19/15 7:53 PM:
------------------------------------------------------------

The latest patch looks good, one thing I think you ought to consider though.  
Now that you've simplified the checks for action and header length I think the 
value of the StompFrameSize inner class in StompWireFromat is pretty small and 
the whole thing could be replaced by a single long value in StompWireFormat 
(reset on return from unmarshal) and also in StompCodec which does currently 
reset a class wide object on codec reset.  This avoids the need to keep 
calculating the length on every byte read from the socket stream and if kept as 
a class variable in StompWireFormat it avoids the garbage of creating a the 
size object on each unmarshal call.  What do you think?  

Given that StompFrameSize is passed to a couple methods you might keep it and 
just have it be an accumulator or just use an AtomicLong.  


was (Author: tabish121):
The latest patch looks good, one thing I think you ought to consider though.  
Now that you've simplified the checks for action and header length I think the 
value of the StompFrameSize inner class in StompWireFromat is pretty small and 
the whole thing could be replaced by a single long value in StompWireFormat 
(reset on return from unmarshal) and also in StompCodec which does currently 
reset a class wide object on codec reset.  This avoids the need to keep 
calculating the length on every byte read from the socket stream and if kept as 
a class variable in StompWireFormat it avoids the garbage of creating a the 
size object on each unmarshal call.  What do you think?  

> Implement and test maxFrameSize for STOMP
> -----------------------------------------
>
>                 Key: AMQ-5777
>                 URL: https://issues.apache.org/jira/browse/AMQ-5777
>             Project: ActiveMQ
>          Issue Type: Sub-task
>          Components: Broker
>    Affects Versions: 5.11.1
>            Reporter: Christopher L. Shannon
>            Assignee: Timothy Bish
>
> Implement and test {{maxFameSize}} for STOMP to help prevent DOS attacks.  
> Testing should include TCP, SSL, NIO and NIO+SSL, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to