qpid-dev mailing list archives

From "Robbie Gemmell (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (QPID-2158) [Java 0-8/0-9] Overlong AMQShortStrings incorrectly encoded and cause Frame corruption
Date Tue, 07 Jun 2011 15:06:58 GMT

     [ https://issues.apache.org/jira/browse/QPID-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robbie Gemmell resolved QPID-2158.

    Resolution: Fixed

Patch applied.

> [Java 0-8/0-9] Overlong AMQShortStrings incorrectly encoded and cause Frame corruption
> --------------------------------------------------------------------------------------
>                 Key: QPID-2158
>                 URL: https://issues.apache.org/jira/browse/QPID-2158
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Common
>    Affects Versions: M2, M2.1, M3, M4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10
>            Reporter: Rob Godfrey
>            Assignee: Robbie Gemmell
>             Fix For: 0.11
>         Attachments: adds-amqshortstring-length-validation.patch
> AMQP defines a shortstr as a 1-octet length followed by that many octets of data.  In Java we use the AMQShortString class to represent this datatype in the 0-8/0-9 codebase.  Unfortunately the AMQShortString class does not check to ensure that on construction its total length is less than 256 characters.  In cases where an overlong AMQShortString is created and subsequently encoded, the size is written out as (byte) length, which means that a String of length 296 will be encoded as an octet with value 40 (296 & 255) followed by 296 octets of data.  Upon decoding this causes a frame decoding error.
> We should check on construction of an AMQShortString that the underlying data does not have length > 255, and that if it does we should throw an appropriate exception (IndexOutOfBoundsException?)
> [This error was discovered when a long queue name was created, and that queue subsequently used as the destination for a reply-to field... the encoding of a reply-to copies the queue name twice (once as the queue name, once as the binding-key)]

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
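
The truncation described in the issue, reproduced in a stand-alone Java sketch that is added here and is not Qpid's code or the attached patch: the unchecked writer narrows the length to one octet, so a decoder consumes 40 octets and then reads the next length from leftover data. Assumptions: the class and method names are hypothetical, the sample strings are constructed, and the bound is enforced at write time with IllegalArgumentException, whereas the issue proposes checking on construction and leaves the exception type open.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration; class and method names are hypothetical, not Qpid's API.
public class ShortStrDemo {

    // Encoding as the issue describes it: length narrowed to one octet, all data written.
    static void writeUnchecked(ByteArrayOutputStream out, byte[] data) {
        out.write((byte) data.length); // the issue's case: 296 is written as 40
        out.write(data, 0, data.length);
    }

    // The check the issue asks for; the exception type here is an assumption.
    static void writeChecked(ByteArrayOutputStream out, byte[] data) {
        if (data.length > 255) {
            throw new IllegalArgumentException("shortstr exceeds 255 octets: " + data.length);
        }
        writeUnchecked(out, data);
    }

    // A decoder can only trust the length octet it is given.
    static String readShortStr(ByteBuffer in) {
        byte[] data = new byte[in.get() & 0xFF];
        in.get(data);
        return new String(data, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        byte[] queue = new byte[296]; // constructed overlong queue name
        Arrays.fill(queue, (byte) 'q');
        byte[] key = "binding".getBytes(StandardCharsets.US_ASCII); // constructed next field

        ByteArrayOutputStream frame = new ByteArrayOutputStream();
        writeUnchecked(frame, queue);
        writeUnchecked(frame, key);

        ByteBuffer in = ByteBuffer.wrap(frame.toByteArray());
        System.out.println("first field decoded length: " + readShortStr(in).length());
        System.out.println("next length octet read:     " + (in.get(in.position()) & 0xFF));
        System.out.println("second field equals key:    " + readShortStr(in).equals("binding"));
        try {
            writeChecked(new ByteArrayOutputStream(), queue);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at encode time:    " + e.getMessage());
        }
    }
}
```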
