[jira] [Closed] (AMQ-8351) MaxFrameSize is not protecting against allocating big buffer

Wed, 05 Jul 2023 04:29:03 -0700 


     [ 
https://issues.apache.org/jira/browse/AMQ-8351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Christopher L. Shannon closed AMQ-8351.
---------------------------------------
    Resolution: Not A Problem

MaxFrameSize is not handled by OpenWireFormat. It's just a property on the 
format, the actual value is used and read by the transports processing the 
frames. For example, in NIOSSLTransport it is read and used here when 
processing frames:

https://github.com/apache/activemq/blob/673f4b33e8eea5899805cf21a7548ac4c9f1b6a8/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java#L338-L346

> MaxFrameSize is not protecting against allocating big buffer
> ------------------------------------------------------------
>
>                 Key: AMQ-8351
>                 URL: https://issues.apache.org/jira/browse/AMQ-8351
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Transport
>    Affects Versions: 5.12.2, 5.13.5, 5.14.5, 5.15.14, 5.16.2, 5.17.5
>            Reporter: Marcin
>            Priority: Major
>
> I found that some incoming data can allocate much bigger buffer (up to max 
> int size) than frame size limit. This can lead to oom. I created junit test 
> to show the problem:
>  
> import java.io.ByteArrayInputStream;
> import java.io.ByteArrayOutputStream;
> import java.io.DataInput;
> import java.io.DataInputStream;
> import java.io.IOException;
> import com.google.common.primitives.Ints;
> import org.junit.jupiter.api.Test;
> import static org.junit.jupiter.api.Assertions.assertEquals;
> import static org.junit.jupiter.api.Assertions.assertThrows;
> class OpenWireFormatTest {
>  @Test
>  void maxFrameSizeTest() {
>  ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
>  try {
>  outputStream.write(Ints.toByteArray(999));
>  outputStream.write(1);
>  outputStream.write(Ints.toByteArray(2000000000));
>  outputStream.write(Ints.toByteArray(2000000000));
>  outputStream.write(Ints.toByteArray(2000000000));
>  outputStream.write(1);
>  outputStream.write(Ints.toByteArray(2000000000));
>  outputStream.write(Ints.toByteArray(2000000000));
>  outputStream.write(Ints.toByteArray(2000000000));
>  outputStream.write(Ints.toByteArray(2000000000));
>  outputStream.write(Ints.toByteArray(2000000000));
>  } catch (IOException e) {
>  e.printStackTrace();
>  }
>  ByteArrayInputStream byteArrayInputStream = new 
> ByteArrayInputStream(outputStream.toByteArray());
>  DataInput dataInput = new DataInputStream(byteArrayInputStream);
>  OpenWireFormat openWireFormat = new OpenWireFormat();
>  openWireFormat.setMaxFrameSize(1000);
>  final IOException ioException = assertThrows(IOException.class, () -> 
> openWireFormat.unmarshal(dataInput));
>  assertEquals("Frame size of 1907 MB larger than max allowed 100 MB", 
> ioException.getMessage());
>  }



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to