Ivo Studensky resolved WFCORE-4780.
-----------------------------------
Resolution: Done
Stax maxAttributeSize is only vaguely respected
-----------------------------------------------
Key: WFCORE-4780
URL: https://issues.redhat.com/browse/WFCORE-4780
Project: WildFly Core
Issue Type: Bug
Reporter: Ilia Vassilev
Assignee: Ivo Studensky
Priority: Major
System property org.apache.cxf.stax.maxAttributeSize only vaguely limits attribute
values. If I set the property to 5000 I can send up to 8295 characters in an attribute
value without EAP denying the request.
Reviewing the source code for Woodstox reveals that the limit is checked against the size
of the buffer before the last buffer expansion. After 2459 characters the buffer is grown
to 3687. After 5531 characters the limit is checked against 3687 instead of 5531 and not
until 8296 characters is the limit checked against the previous buffer size 5531 which is
larger than 5000.
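
The arithmetic in the report can be reproduced with a small model. This is an added example, not Woodstox or WildFly code. It assumes a value buffer that starts at 2458 characters and grows by 50% when full, which matches the reported sizes to within one character. The function names are hypothetical.

```python
# Model of the behaviour described in WFCORE-4780; not Woodstox source code.
# Assumption: the attribute value buffer starts at 2458 chars and grows by
# 50% when full, giving 3687, 5530 and 8295 (the report quotes 5531 and 8296,
# the character counts at which those buffers overflow).

INITIAL_CAPACITY = 2458  # assumed, inferred from the sizes in the report


def grow(capacity):
    """Assumed growth policy: add half of the current capacity."""
    return capacity + (capacity >> 1)


def accepts_lagging(length, limit, capacity=INITIAL_CAPACITY):
    """Reported behaviour: at each expansion the limit is compared with the
    buffer size from before the last expansion, not the current fill."""
    previous = 0  # no earlier buffer exists before the first expansion
    while length > capacity:      # buffer is full and must expand
        if previous > limit:      # stale size is what gets checked
            return False
        previous, capacity = capacity, grow(capacity)
    return True


def accepts_strict(length, limit):
    """Expected behaviour: compare the characters actually read."""
    return length <= limit


def max_accepted(accepts, limit, upper=20000):
    """Largest attribute length in [0, upper] that the check lets through."""
    return max(n for n in range(upper + 1) if accepts(n, limit))


if __name__ == "__main__":
    for limit in (2000, 3000, 5000, 6000):
        print(limit,
              max_accepted(accepts_strict, limit),
              max_accepted(accepts_lagging, limit))
```

Under this model the effective ceiling snaps to a buffer boundary above the configured value, so anything sized on the assumption that attribute values never exceed maxAttributeSize should be checked against the larger figure.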