activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Holger Hoffstaette" <hol...@wizards.de>
Subject BytesMessage vs. already compressed byte[] payloads - fixed in 4.x?
Date Wed, 18 Oct 2006 21:44:35 GMT

Hi,

ActiveMQ 3.x unconditionally uncompresses BytesMessages whose input byte[]
was already compressed with the JDK-builtin GZip stuff. This is obviously
wrong since the compressed original byte[] should come out on the other
end, not the huge uncompressed payload. Is this fixed in 4.x? I figured I
ask before I forward-port. This bug makes ActiveMQ susceptible to DOS
attacks, even unintentionally if someone sends a meager 10 MB of
compressed XML over the wire that is exploded to >1GB, taking the VM with
it.
A simple ActiveMQ-specific prepended tag indicating transport-level
compression (or not) would help to distinguish between the two. If this
warrants a JIRA please yell.

thanks
Holger

PS: http://en.wikipedia.org/wiki/Zip_of_death, s/zip/gzip/r ;)



Mime
View raw message