body fragmentation off by 8

[rade]

AFAIK the code fragments bodies at frame_max. However, in AMQP, the negotiated frame_max limits the total frame size, including header and end marker, which add up to 8 octets in total. Hence body fragmentation should occur in chunks of frame_max-8.

[streadway]

Good catch. Looks like the fragmentation test isn't catching this either.

[rade]

I should note that the RabbitMQ server currently lets clients get away with sending frames of any size, regardless of the negotiated max size. But that will likely change in the future since it is a DoS vector.

[michaelklishin]

This is correct (about off-by-8). There used to be an errata page on this on the wiki. As far as I know, RabbitMQ 2.9 will already close connections when client payload size does not match.

RabbitMQ engineers contacted client maintainers about this a while ago.

[streadway]

The errata is now found here: http://www.rabbitmq.com/amqp-0-9-1-errata.html

And the XML spec is very clear about this:

The largest frame size that the server proposes for the connection, including frame header and end-byte. The client can negotiate a lower value. Zero means that the server does not impose any specific limit but may reject very large frames if it cannot allocate resources for them.