-
Notifications
You must be signed in to change notification settings - Fork 620
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
body fragmentation off by 8 #18
Comments
Good catch. Looks like the fragmentation test isn't catching this either. |
I should note that the RabbitMQ server currently lets clients get away with sending frames of any size, regardless of the negotiated max size. But that will likely change in the future since it is a DoS vector. |
This is correct (about off-by-8). There used to be an errata page on this on the wiki. As far as I know, RabbitMQ 2.9 will already close connections when client payload size does not match. RabbitMQ engineers contacted client maintainers about this a while ago. |
The errata is now found here: http://www.rabbitmq.com/amqp-0-9-1-errata.html And the XML spec is very clear about this:
|
AFAIK the code fragments bodies at frame_max. However, in AMQP, the negotiated frame_max limits the total frame size, including header and end marker, which add up to 8 octets in total. Hence body fragmentation should occur in chunks of frame_max-8.
The text was updated successfully, but these errors were encountered: