From 054e7995b365dfae6c8e63882944423f0b474326 Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh
Date: Mon, 31 Aug 2020 10:39:04 +0100
Subject: [PATCH] AMQ-8029 - Place a bound on the data read in MessageServletSupport
(cherry picked from commit 66cb8d4cfb501ab5a76fa0a5ebb06d0eafdeec07)
---
 .../transport/http/HttpTunnelServlet.java | 15 ---------------
 .../src/main/resources/features-core.xml | 1 +
 activemq-osgi/pom.xml | 1 +
 activemq-web/pom.xml | 4 ++++
 .../activemq/web/MessageServletSupport.java | 17 ++++++++++++++++-
 assembly/src/main/descriptors/common-bin.xml | 1 +
 6 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java b/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java
index a7285dabf0..b7766a266b 100644
--- a/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java
+++ b/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java
@@ -161,21 +161,6 @@ public class HttpTunnelServlet extends HttpServlet {
 return true;
 }
- protected String readRequestBody(HttpServletRequest request) throws IOException {
- StringBuffer buffer = new StringBuffer();
- BufferedReader reader = request.getReader();
- while (true) {
- String line = reader.readLine();
- if (line == null) {
- break;
- } else {
- buffer.append(line);
- buffer.append("\n");
- }
- }
- return buffer.toString();
- }
-
 protected BlockingQueueTransport getTransportChannel(HttpServletRequest request, HttpServletResponse response) throws IOException {
 String clientID = request.getHeader("clientID");
 if (clientID == null) {
diff --git a/activemq-karaf/src/main/resources/features-core.xml b/activemq-karaf/src/main/resources/features-core.xml
index 5ca943d275..43e76fc786 100644
--- a/activemq-karaf/src/main/resources/features-core.xml
+++ b/activemq-karaf/src/main/resources/features-core.xml
@@ -52,6 +52,7 @@ http activemq-client mvn:org.apache.activemq/activemq-karaf/${project.version}
+ mvn:commons-io/commons-io/${commons-io-version}
 mvn:commons-collections/commons-collections/${commons-collections-version} mvn:commons-lang/commons-lang/${commons-lang-version} mvn:commons-codec/commons-codec/1.9
diff --git a/activemq-osgi/pom.xml b/activemq-osgi/pom.xml
index b1db3e2592..00b2e0f975 100644
--- a/activemq-osgi/pom.xml
+++ b/activemq-osgi/pom.xml
@@ -74,6 +74,7 @@ javax.management*, javax.transaction*;version="[1,3)", javax.naming*;resolution:=optional,
+ org.apache.commons.io*;resolution:=optional,
 org.apache.commons.pool*;resolution:=optional, org.apache.commons.net*;resolution:=optional, com.sun*;resolution:=optional,
diff --git a/activemq-web/pom.xml b/activemq-web/pom.xml
index 8cc0f283f4..df3d7746f6 100644
--- a/activemq-web/pom.xml
+++ b/activemq-web/pom.xml
@@ -54,6 +54,10 @@ ${project.groupId} activemq-pool
+
+ commons-io
+ commons-io
+
 ${project.groupId} activemq-unit-tests
diff --git a/activemq-web/src/main/java/org/apache/activemq/web/MessageServletSupport.java b/activemq-web/src/main/java/org/apache/activemq/web/MessageServletSupport.java
index 02e2b7abf1..5a2771b006 100644
--- a/activemq-web/src/main/java/org/apache/activemq/web/MessageServletSupport.java
+++ b/activemq-web/src/main/java/org/apache/activemq/web/MessageServletSupport.java
@@ -19,6 +19,7 @@ package org.apache.activemq.web;
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStreamReader;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -34,6 +35,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.activemq.command.ActiveMQDestination;
 import org.apache.activemq.command.ActiveMQQueue;
 import org.apache.activemq.command.ActiveMQTopic;
+import org.apache.commons.io.input.BoundedInputStream;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -58,6 +60,12 @@ import org.slf4j.LoggerFactory;
 public abstract class MessageServletSupport extends HttpServlet {
 private static final transient Logger LOG = LoggerFactory.getLogger(MessageServletSupport.class);
+ /**
+ * A configuration tag to specify the maximum message size (in bytes) for the servlet. The default
+ * is given by DEFAULT_MAX_MESSAGE_SIZE below.
+ */
+ private static final String MAX_MESSAGE_SIZE_TAG = "maxMessageSize";
+ private static final Long DEFAULT_MAX_MESSAGE_SIZE = 100000L;
 private boolean defaultTopicFlag = true;
 private Destination defaultDestination;
@@ -68,6 +76,7 @@ public abstract class MessageServletSupport extends HttpServlet {
 private int defaultMessagePriority = 5;
 private long defaultMessageTimeToLive;
 private String destinationOptions;
+ private long maxMessageSize = DEFAULT_MAX_MESSAGE_SIZE;
 public void init(ServletConfig servletConfig) throws ServletException {
 super.init(servletConfig);
@@ -91,6 +100,11 @@ public abstract class MessageServletSupport extends HttpServlet {
 }
 }
+ String maxMessageSizeConfigured = servletConfig.getInitParameter(MAX_MESSAGE_SIZE_TAG);
+ if (maxMessageSizeConfigured != null) {
+ maxMessageSize = Long.parseLong(maxMessageSizeConfigured);
+ }
+
 // lets check to see if there's a connection factory set
 WebClient.initContext(getServletContext());
 }
@@ -344,7 +358,8 @@ public abstract class MessageServletSupport extends HttpServlet {
 if (answer == null && contentType != null) {
 LOG.debug("Content-Type={}", contentType);
 // lets read the message body instead
- BufferedReader reader = request.getReader();
+ BoundedInputStream boundedInputStream = new BoundedInputStream(request.getInputStream(), maxMessageSize);
+ BufferedReader reader = new BufferedReader(new InputStreamReader(boundedInputStream));
 StringBuilder buffer = new StringBuilder();
 while (true) {
 String line = reader.readLine();
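Review bot: `DEFAULT_MAX_MESSAGE_SIZE` in the `-58,6 +60,12` hunk is declared as a boxed `Long` although it is only assigned to the primitive `maxMessageSize` field; `private static final long DEFAULT_MAX_MESSAGE_SIZE = 100000L;` avoids the needless unboxing. The Javadoc is attached to `MAX_MESSAGE_SIZE_TAG` only, so the default deserves its own one-line comment such as `/** Default cap, in bytes, on the request body read by this servlet. */`. Because the body read was unbounded before this commit, deployments that post messages larger than 100000 bytes will now have them cut at the default unless `maxMessageSize` is set as a servlet init parameter; that is worth stating in the class Javadoc or the release notes.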
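Review bot: The configured `maxMessageSize` is passed to `Long.parseLong` in `init()` without any validation, so a malformed value surfaces as a bare `NumberFormatException` and a zero or negative value is accepted. In the commons-io releases I am aware of, a negative limit makes `BoundedInputStream` unbounded, which would silently switch the new protection off; this should be confirmed against the commons-io version the build manages. Rejecting non-positive and unparsable values with a `ServletException` that names the parameter makes a misconfiguration fail loudly at startup. The body of `init()` starts and ends outside this hunk.

```java
String maxMessageSizeConfigured = servletConfig.getInitParameter(MAX_MESSAGE_SIZE_TAG);
if (maxMessageSizeConfigured != null) {
    final long configured;
    try {
        configured = Long.parseLong(maxMessageSizeConfigured.trim());
    } catch (NumberFormatException e) {
        throw new ServletException("Invalid " + MAX_MESSAGE_SIZE_TAG + " value: " + maxMessageSizeConfigured, e);
    }
    if (configured <= 0) {
        throw new ServletException(MAX_MESSAGE_SIZE_TAG + " must be a positive number of bytes: " + configured);
    }
    maxMessageSize = configured;
}
// … unchanged: WebClient.initContext(getServletContext()) …
```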
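Review bot: A request body longer than `maxMessageSize` is cut off silently by the new `BoundedInputStream` in the Content-Type branch, so the truncated text is returned as if it were the complete message and the sender gets no error. Consider rejecting early when the declared length is over the limit, e.g. `if (request.getContentLength() > maxMessageSize) { throw new IOException("Request body exceeds maxMessageSize"); }` (assuming the method already propagates `IOException`, as the existing `reader.readLine()` call suggests), and logging when the bound is reached for bodies without a declared length. Separately, `new InputStreamReader(boundedInputStream)` decodes with the platform default charset, whereas the replaced `request.getReader()` honoured the request's declared encoding; passing `request.getCharacterEncoding()` with a fallback when it is null would preserve the earlier decoding of non-ASCII bodies. The enclosing method starts and ends outside this hunk.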
diff --git a/assembly/src/main/descriptors/common-bin.xml b/assembly/src/main/descriptors/common-bin.xml
index b3a15b7a65..3e66930560 100644
--- a/assembly/src/main/descriptors/common-bin.xml
+++ b/assembly/src/main/descriptors/common-bin.xml
@@ -182,6 +182,7 @@ ${pom.groupId}:activeio-core commons-beanutils:commons-beanutils commons-collections:commons-collections
+ commons-io:commons-io
 org.apache.commons:commons-dbcp2 org.apache.commons:commons-pool2 commons-codec:commons-codec