From 18033486aec5de46833a2437026a0494c6485460 Mon Sep 17 00:00:00 2001
From: Sebastien Deleuze
Date: Mon, 10 Nov 2014 17:12:08 +0100
Subject: [PATCH] Check STOMP headers against ending backslash
Issue: SPR-12418
---
 .../springframework/messaging/simp/stomp/StompDecoder.java | 3 +++
 .../messaging/simp/stomp/BufferingStompDecoderTests.java | 7 +++++++
 2 files changed, 10 insertions(+)
diff --git a/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompDecoder.java b/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompDecoder.java
index 217c760045..41e6b01703 100644
--- a/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompDecoder.java
+++ b/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompDecoder.java
@@ -260,6 +260,9 @@ public class StompDecoder {
 while (index >= 0) {
 sb.append(inString.substring(pos, index));
+ if((index + 1) >= inString.length()) {
+ throw new StompConversionException("Illegal escape sequence at index " + index + ": " + inString);
+ }
 Character c = inString.charAt(index + 1);
 if (c == 'r') {
 sb.append('\r');
diff --git a/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/BufferingStompDecoderTests.java b/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/BufferingStompDecoderTests.java
index 3ca17848e4..c7f4df501d 100644
--- a/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/BufferingStompDecoderTests.java
+++ b/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/BufferingStompDecoderTests.java
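Review bot: In the StompDecoder.java hunk, the new exception message appends the whole raw header string (`+ ": " + inString`), which is taken from the frame being decoded. Any handler that logs this exception therefore writes peer-supplied text into the log, including whatever control characters or sensitive header values it carries. I would report only position and size, e.g. `throw new StompConversionException("Illegal escape sequence at index " + index + " in header of length " + inString.length());`, or truncate and sanitise the value before including it. The guard does stop `charAt(index + 1)` from running past the end on a trailing backslash, but the rest of the loop lies outside the hunk, so I cannot tell from here whether other undefined escape characters are also rejected. Style nit: `if(` should be `if (` to match the surrounding lines.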
@@ -185,6 +185,13 @@ public class BufferingStompDecoderTests { assertEquals(0, messages.size()); } + @Test(expected = StompConversionException.class) // SPR-12418 + public void endingBackslashHeaderValueCheck() throws InterruptedException { + BufferingStompDecoder stompDecoder = new BufferingStompDecoder(STOMP_DECODER, 128); + String payload = "SEND\na:alpha\\\n\nMessage body\0"; + stompDecoder.decode(toByteBuffer(payload)); + } + private ByteBuffer toByteBuffer(String chunk) { return ByteBuffer.wrap(chunk.getBytes(Charset.forName("UTF-8")));