Update Stomp transports with improved validation#2064
Merged
Conversation
This update makes the following changes to improve validation for the Stomp transport: * Verifies that the first frame seen by the server is either a CONNECT (or FRAME) frame. * Verifies that a duplicate CONNECT (or FRAME) frame is not received. * Adds validation to make sure a content-length header that is set is not negative. * Adds a new server mode (default true) to the Stomp wireformat to handle the validation differences between clients and servers. Client mode is only used for testing (currently). Also adds the option to configure using the StompWireFormatFactory in case there is a future use case. * Centralizes the state tracking for frame size validation and for the new validation checks inside StompWireFormat so that it is shared by NIO, non-NIO and WS transports. * Adds tests to verify everything for the NIO transports, non-NIO transprots and WS transports. If any of these new validation checks throw a protocol error then it is marked as a fatal exception, an error is sent to the client and connection closed. Both NIO and non-NIO will stop parsing the rest of the frame on error, but only NIO transport errors will stop reading the frame from the socket buffer because non NIO requires reading the entire frame into a buffer first to validate.
tabish121
approved these changes
Jun 1, 2026
cshannon
added a commit
to cshannon/activemq
that referenced
this pull request
Jun 1, 2026
This update makes the following changes to improve validation for the Stomp transport: * Verifies that the first frame seen by the server is either a CONNECT (or FRAME) frame. * Verifies that a duplicate CONNECT (or FRAME) frame is not received. * Adds validation to make sure a content-length header that is set is not negative. * Adds a new server mode (default true) to the Stomp wireformat to handle the validation differences between clients and servers. Client mode is only used for testing (currently). Also adds the option to configure using the StompWireFormatFactory in case there is a future use case. * Centralizes the state tracking for frame size validation and for the new validation checks inside StompWireFormat so that it is shared by NIO, non-NIO and WS transports. * Adds tests to verify everything for the NIO transports, non-NIO transprots and WS transports. If any of these new validation checks throw a protocol error then it is marked as a fatal exception, an error is sent to the client and connection closed. Both NIO and non-NIO will stop parsing the rest of the frame on error, but only NIO transport errors will stop reading the frame from the socket buffer because non NIO requires reading the entire frame into a buffer first to validate. (cherry picked from commit 1493db9)
cshannon
added a commit
to cshannon/activemq
that referenced
this pull request
Jun 1, 2026
This update makes the following changes to improve validation for the Stomp transport: * Verifies that the first frame seen by the server is either a CONNECT (or FRAME) frame. * Verifies that a duplicate CONNECT (or FRAME) frame is not received. * Adds validation to make sure a content-length header that is set is not negative. * Adds a new server mode (default true) to the Stomp wireformat to handle the validation differences between clients and servers. Client mode is only used for testing (currently). Also adds the option to configure using the StompWireFormatFactory in case there is a future use case. * Centralizes the state tracking for frame size validation and for the new validation checks inside StompWireFormat so that it is shared by NIO, non-NIO and WS transports. * Adds tests to verify everything for the NIO transports, non-NIO transprots and WS transports. If any of these new validation checks throw a protocol error then it is marked as a fatal exception, an error is sent to the client and connection closed. Both NIO and non-NIO will stop parsing the rest of the frame on error, but only NIO transport errors will stop reading the frame from the socket buffer because non NIO requires reading the entire frame into a buffer first to validate. (cherry picked from commit 1493db9)
This was referenced Jun 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This update makes the following changes to improve validation for the Stomp transport:
If any of these new validation checks throw a protocol error then it is marked as a fatal exception, an error is sent to the client and connection closed. Both NIO and non-NIO will stop parsing the rest of the frame on error, but only NIO transport errors will stop reading the frame from the socket buffer because non NIO requires reading the entire frame into a buffer first to validate.