vert-x3 / vertx-stomp

STOMP client/server implementation
Apache License 2.0
31 stars 28 forks source link

STOMP Header Decoder fails with certain passwords #75

Closed lfmunoz closed 2 years ago

lfmunoz commented 2 years ago

I have a password with:

3q7y0hARS6"E6V4Pt\78w866'2s:3G_`.

io.vertx.ext.stomp.impl.FrameException: Invalid header line : '���/5�'                                                                                                                                             
        at io.vertx.ext.stomp.impl.FrameParser.reportOrThrow(FrameParser.java:235)                                                                                                                                 
        at io.vertx.ext.stomp.impl.FrameParser.handleLine(FrameParser.java:130)                                                                                                                                    
        at io.vertx.core.parsetools.impl.RecordParserImpl.handleParsing(RecordParserImpl.java:214)                                                                                                                 
        at io.vertx.core.parsetools.impl.RecordParserImpl.handle(RecordParserImpl.java:285)                                                                                                                        
        at io.vertx.ext.stomp.impl.FrameParser.handle(FrameParser.java:221)                                                                                                                                        
        at io.vertx.ext.stomp.impl.FrameParser.handle(FrameParser.java:35)                                                                                                                                         
        at io.vertx.core.net.impl.NetSocketImpl$DataMessageHandler.handle(NetSocketImpl.java:378)                                                                                                                  
        at io.vertx.core.net.impl.NetSocketImpl.lambda$new$2(NetSocketImpl.java:100)                                                                                                                               
        at io.vertx.core.streams.impl.InboundBuffer.handleEvent(InboundBuffer.java:237)                                                                                                                            
        at io.vertx.core.streams.impl.InboundBuffer.write(InboundBuffer.java:127)                                                                                                                                  
        at io.vertx.core.net.impl.NetSocketImpl.handleMessage(NetSocketImpl.java:356)                                                                                                                              
        at io.vertx.co

I guess something wrong with:

https://github.com/vert-x3/vertx-stomp/blob/60e2a5b2eaf4d966f9bbdf49d94bb35585e3c8c4/src/main/java/io/vertx/ext/stomp/impl/HeaderCodec.java

If working as intended please document what is allowed and isn't allowed. I don't control what the client sets their password to.

@cescoffier is it obvious to you what the fix would be? Willing to do pull request with some guidance.

lfmunoz commented 2 years ago

From the STOMP specification https://stomp.github.io/stomp-specification-1.2.html#Frames_and_Headers

The password seems valid.

lfmunoz commented 2 years ago

Never mind this is working as intended. Standard says:

Undefined escape sequences such as \t (octet 92 and 116) MUST be treated as a fatal protocol error. Conversely when encoding frame headers, the reverse transformation MUST be applied.