Description
When you send incorrect message to AMQP transform, it will stuck in endless loop and write lot of error messages to console output.
This way, you can send numbers of incorrect messages and ActiveMQ will create new thread for each of them. This way can attacker create thousands of threads in few minutes and completely overload server machine.
Problem is in org.apache.activemq.transport.amqp.AmqpProtocolConverter class. It throws exception(exception.txt) and loop never ends:
Line 158:
int count = protonTransport.input(frame.data, frame.offset, frame.length);
Two solutions are possible:
1. Add "return" statement to catch block (patch1.txt).
2. Run "frame.moveHead(count);" in finally block with some default positive count (patch2.txt)
I would prefer the first variant.
This happens when you try to send message from client with older version of AMQP protocol.