Reject frames larger than amqpprox max frame size
amqpprox supports frames up to a max size of 150000 bytes but frames
larger than this are not rejected. This patch ensures we reject larger
frames as soon as their length can be read.
adamncasey committed May 9, 2023
1 parent 871e570 commit d214a59
Showing 2 changed files with 27 additions and 0 deletions.
8 changes: 8 additions & 0 deletions libamqpprox/amqpprox_frame.cpp
Expand Up @@ -54,6 +54,14 @@ bool Frame::decode(Frame *frame,
memcpy(&frame->length, &buffer[3], sizeof frame->length);

if ((frameOverhead() + frame->length) > bufferLen) {
if ((frameOverhead() + frame->length) > getMaxFrameSize()) {
LOG_ERROR << "Frame: " << (int)frame->type << " " << frame->channel
<< " was declared to be longer than max frame size ("
<< frame->length << " vs " << getMaxFrameSize()
<< "). Cannot decode.";
throw std::runtime_error(
"Cannot decode huge frame. See log for details");
}
return false;
}

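Review bot: The max-frame-size check sits inside the `(frameOverhead() + frame->length) > bufferLen` branch, so it only runs while the frame is still incomplete; if a caller ever passes a buffer longer than getMaxFrameSize(), an oversized frame that is already fully buffered would be decoded without being rejected. I would make the limit check unconditional and place it before the bufferLen comparison, written as `if (frame->length > getMaxFrameSize() - frameOverhead())` so the test cannot wrap if the sum is evaluated in 32 bits (the types of frameOverhead() and frame->length are not visible in this hunk). Because decode() now throws on peer-controlled input, it is also worth confirming that every caller catches std::runtime_error and tears down only that connection, since only this file and its test are changed in the commit. Frame::decode starts before and continues after the hunk.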
19 changes: 19 additions & 0 deletions tests/amqpprox_frame.t.cpp
Expand Up @@ -206,3 +206,22 @@ TEST(Frame, Cant_Encode_Payload_Too_Large) {
EXPECT_FALSE(Frame::encode(output, &sz, f1));
}

TEST(Frame, BadFrameLength)
{
std::vector<uint8_t> buffer(Frame::getMaxFrameSize());
const void *endOfFrame = nullptr;
std::size_t remaining = 11111;

// This frame claims to have a length of 0xff000002 which is bigger than
// amqpprox's max supported frame size. We expect a decode error here.
const char *hugeFrame = "\x08\x00\x01\x0FF\x00\x00\x02\xFF\xFF\xCD\xFF";

buffer.assign(hugeFrame, hugeFrame + 11);
Frame f1;
EXPECT_THROW(
Frame::decode(&f1, &endOfFrame, &remaining, buffer.data(), 11),
std::runtime_error);

EXPECT_EQ(remaining, 11111);
EXPECT_EQ(endOfFrame, nullptr);
}
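Review bot: BadFrameLength covers only one value far beyond the limit (0xff000002), so an off-by-one in the comparison against getMaxFrameSize() in Frame::decode would not be caught; a case at the first clearly rejected length, and one at the largest accepted length that still returns false for a short buffer, would pin the boundary. The escape `\x0FF` does parse as the single byte 0xFF, but it reads like `\x0F` followed by `F`; writing `\xFF` matches the other bytes in the string. The vector is sized to getMaxFrameSize() and then immediately replaced by `assign`, so the initial size has no effect. A sketch of the just-over-limit case follows; the accept-side case needs the overhead constant, whose accessibility from the test is not visible here.

```cpp
TEST(Frame, FrameLengthJustOverMax)
{
    // Declared payload length of max + 1, big-endian as on the wire.
    const uint32_t length =
        static_cast<uint32_t>(Frame::getMaxFrameSize()) + 1;
    std::vector<uint8_t> buffer = {0x08,
                                   0x00,
                                   0x01,
                                   static_cast<uint8_t>(length >> 24),
                                   static_cast<uint8_t>(length >> 16),
                                   static_cast<uint8_t>(length >> 8),
                                   static_cast<uint8_t>(length),
                                   0xFF,
                                   0xFF,
                                   0xCD,
                                   0xFF};
    const void *endOfFrame = nullptr;
    std::size_t remaining  = 11111;

    Frame f1;
    EXPECT_THROW(Frame::decode(
                     &f1, &endOfFrame, &remaining, buffer.data(), buffer.size()),
                 std::runtime_error);
    // ... unchanged: remaining / endOfFrame untouched assertions ...
}
```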
