[continued from previous message]

++ dataOut.writeBoolean(data != null);
++ if (data != null) {
++ // Write an invalid length that is much larger than it should be ++ dataOut.writeInt(data.getLength() * 10);
++ dataOut.write(data.getData(), data.getOffset(), data.getLength());
++ }
++ }
++
++ protected static void badLooseMarshalByteArray(byte[] data,
++ DataOutput dataOut) throws IOException {
++ dataOut.writeBoolean(data != null);
++ if (data != null) {
++ // Write an invalid length that is much larger than it should be ++ dataOut.writeInt(data.length * 10);
++ dataOut.write(data);
++ }
++ }
++
++ protected static void badTightMarshalByteArray(byte[] data, DataOutput dataOut,
++ BooleanStream bs) throws IOException {
++ if (bs.readBoolean()) {
++ // Write an invalid length that is much larger than it should be ++ dataOut.writeInt(data.length * 10);
++ dataOut.write(data);
++ }
++ }
++
++ // This will create a proxy object to wrap the marhallers so that we can intercept
++ // both the byte and bytesequence methods to write bad sizes for testing ++ protected DataStreamMarshaller proxyBadBufferCommand(DataStreamMarshaller marshaller) {
++ ProxyFactory factory = new ProxyFactory();
++ factory.setSuperclass(marshaller.getClass());
++ Class<?> clazz = factory.createClass();
++
++ try {
++ DataStreamMarshaller instance = (DataStreamMarshaller) clazz.getConstructor().newInstance();
++ ((ProxyObject) instance).setHandler(new BadBufferProxy());
++ return instance;
++ } catch (Exception e) {
++ throw new RuntimeException(e);
++ }
++ }
++
++ protected static class BadBufferProxy implements MethodHandler {
++
++ @Override
++ public Object invoke(Object self, Method thisMethod, Method proceed, Object[] args) throws Throwable {
++ Object result = null;
++
++ try {
++ // This handles writing a bad size for all 4 types of methods that should validate
++ switch (thisMethod.getName()) {
++ case "looseMarshalByteArray":
++ badLooseMarshalByteArray((byte[]) args[1], (DataOutput) args[2]);
++ break;
++ case "tightMarshalByteArray2":
++ badTightMarshalByteArray((byte[]) args[0], (DataOutput) args[1], (BooleanStream) args[2]);
++ break;
++ case "looseMarshalByteSequence":
++ badLooseMarshalByteSequence((ByteSequence) args[1], (DataOutput) args[2]);
++ break;
++ case "tightMarshalByteSequence2":
++ badTightMarshalByteSequence((ByteSequence) args[0], (DataOutput) args[1], (BooleanStream) args[2]);
++ break;
++ default:
++ result = proceed.invoke(self, args);
++ break;
++ }
++ } catch (InvocationTargetException e) {
++ throw e.getCause();
++ }
++
++ return result;
++ }
++ }
+ }
+--- a/activemq-openwire-legacy/pom.xml
++++ b/activemq-openwire-legacy/pom.xml
+@@ -47,6 +47,11 @@
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
++ <dependency>
++ <groupId>org.javassist</groupId>
++ <artifactId>javassist</artifactId>
++ <scope>test</scope>
++ </dependency>
+ </dependencies>
+
+ </project>
+--- a/activemq-openwire-legacy/src/main/java/org/apache/activemq/openwire/v2/BaseDataStreamMarshaller.java
++++ b/activemq-openwire-legacy/src/main/java/org/apache/activemq/openwire/v2/BaseDataStreamMarshaller.java
+@@ -410,10 +410,11 @@
+ }
+ }
+
+- protected byte[] tightUnmarshalByteArray(DataInput dataIn, BooleanStream bs) throws IOException {
++ protected byte[] tightUnmarshalByteArray(OpenWireFormat wireFormat, DataInput dataIn, BooleanStream bs) throws IOException {
+ byte rc[] = null;
+ if (bs.readBoolean()) {
+ int size = dataIn.readInt();
++ OpenWireUtil.validateBufferSize(wireFormat, size);
+ rc = new byte[size];
+ dataIn.readFully(rc);
+ }
+@@ -437,10 +438,11 @@
+ }
+ }
+
+- protected ByteSequence tightUnmarshalByteSequence(DataInput dataIn, BooleanStream bs) throws IOException {
++ protected ByteSequence tightUnmarshalByteSequence(OpenWireFormat wireFormat, DataInput dataIn, BooleanStream bs) throws IOException {
+ ByteSequence rc = null;
+ if (bs.readBoolean()) {
+ int size = dataIn.readInt();
++ OpenWireUtil.validateBufferSize(wireFormat, size);
+ byte[] t = new byte[size];
+ dataIn.readFully(t);
+ return new ByteSequence(t, 0, size);
+@@ -617,10 +619,11 @@
+ }
+ }
+
+- protected byte[] looseUnmarshalByteArray(DataInput dataIn) throws IOException {
++ protected byte[] looseUnmarshalByteArray(OpenWireFormat wireFormat, DataInput dataIn) throws IOException {
+ byte rc[] = null;
+ if (dataIn.readBoolean()) {
+ int size = dataIn.readInt();
++ OpenWireUtil.validateBufferSize(wireFormat, size);
+ rc = new byte[size];
+ dataIn.readFully(rc);
+ }
+@@ -636,10 +639,11 @@
+ }
+ }
+
+- protected ByteSequence looseUnmarshalByteSequence(DataInput dataIn) throws IOException {
++ protected ByteSequence looseUnmarshalByteSequence(OpenWireFormat wireFormat, DataInput dataIn) throws IOException {
+ ByteSequence rc = null;
+ if (dataIn.readBoolean()) {
+ int size = dataIn.readInt();
++ OpenWireUtil.validateBufferSize(wireFormat, size);
+ byte[] t = new byte[size];
+ dataIn.readFully(t);
+ rc = new ByteSequence(t, 0, size);
+--- a/activemq-openwire-legacy/src/main/java/org/apache/activemq/openwire/v2/MessageMarshaller.java
++++ b/activemq-openwire-legacy/src/main/java/org/apache/activemq/openwire/v2/MessageMarshaller.java
+@@ -65,8 +65,8 @@
+ info.setReplyTo((org.apache.activemq.command.ActiveMQDestination)tightUnmarsalNestedObject(wireFormat, dataIn, bs));
+ info.setTimestamp(tightUnmarshalLong(wireFormat, dataIn, bs));
+ info.setType(tightUnmarshalString(dataIn, bs));
+- info.setContent(tightUnmarshalByteSequence(dataIn, bs));
+- info.setMarshalledProperties(tightUnmarshalByteSequence(dataIn, bs)); ++ info.setContent(tightUnmarshalByteSequence(wireFormat, dataIn, bs)); ++ info.setMarshalledProperties(tightUnmarshalByteSequence(wireFormat, dataIn, bs));
+ info.setDataStructure((org.apache.activemq.command.DataStructure)tightUnmarsalNestedObject(wireFormat, dataIn, bs));
+ info.setTargetConsumerId((org.apache.activemq.command.ConsumerId)tightUnmarsalCachedObject(wireFormat, dataIn, bs));
+ info.setCompressed(bs.readBoolean());
+@@ -199,8 +199,8 @@

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)