qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robbie Gemmell (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (QPIDJMS-433) MessageListener.onMessage() has unhandled exception vulnerability which causes infinite loop
Date Fri, 16 Nov 2018 14:35:00 GMT

     [ https://issues.apache.org/jira/browse/QPIDJMS-433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robbie Gemmell closed QPIDJMS-433.
----------------------------------
    Resolution: Information Provided

The JMS spec explicitly defines throwing exceptions from onMessage as a programming error
so the primary answer here is application. The client currently releases a message when this
happens which could lead to the situation you describe, but QPIDJMS-388 covers that already
so closing this out.

> MessageListener.onMessage() has unhandled exception vulnerability which causes infinite
loop
> --------------------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-433
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-433
>             Project: Qpid JMS
>          Issue Type: Bug
>          Components: qpid-jms-client
>    Affects Versions: 0.37.0
>            Reporter: Kim van der Riet
>            Priority: Major
>         Attachments: QpidJmsClientTest.java, pom.xml
>
>
> When using a MessageListener, any uncaught exceptions in onMessage() will create an infinite
loop of resending the same message over and over. As the message is never acknowledged during
the execution of this loop, stopping the client application and restarting it results in the
infinite loop immediately resuming.
> While this is strictly a developer oversight, it is an easy one to make, especially for
runtime exceptions. For example, using an illegal character while getting a message property
(eg. "msg-type") will result in an IllegalArgumentExceptionexception (rather than in the perhaps
expected JMSException), and will trigger this behavior if not explicitly handled in the client.
> The Qpid JMS client implementation should perhaps anticipate this occurrence, and appropriately
handle the exception (eg it can then close the connection with an error message).
> Attached is a simple single-class reproducer which illustrates the issue. Sending any
message to the queue will result in the triggering of this condition, eg:
> {{qpid-send -a TestQueue -m1}}
> and results in:
> Listening on amqp://localhost:5672...
>  onMessage(): JmsTextMessage \{ org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@a2f68bf
}
>  UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains invalid
JMS identifier character '-': 'msg-type' 
>  onMessage(): JmsTextMessage \{ org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@4dbc00fa
}
>  UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains invalid
JMS identifier character '-': 'msg-type' 
>  onMessage(): JmsTextMessage \{ org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@5e24db1e
}
>  UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains invalid
JMS identifier character '-': 'msg-type'
>  ...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message