qpid-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1979) Decoding a bad message can overflow the stack
Date Thu, 06 Dec 2018 22:24:00 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16712092#comment-16712092 ]

ASF subversion and git services commented on PROTON-1979:
---------------------------------------------------------

Commit 5ba471d97f9e04c8e68f2270681038b3c1eac0ed in qpid-proton's branch refs/heads/master
from [~astitcher]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=5ba471d ]

PROTON-1979: [c] Forbid AMQP values that could lead to a nested descriptor type
- Any described type descriptors that could lead to a nested described type in the
  descriptor type itself are forbidden as these can lead to indefinite stack use.
- In any event only symbol and ulong are currently valid types for descriptors,
  all other types are reserved although syntactically valid (according to amqp 1.0).

Problem found by oss-fuzz: https://oss-fuzz.com/testcase?key=5920119225057280


> Decoding a bad message can overflow the stack
> ---------------------------------------------
>
>                 Key: PROTON-1979
>                 URL: https://issues.apache.org/jira/browse/PROTON-1979
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>            Reporter: Andrew Stitcher
>            Assignee: Andrew Stitcher
>            Priority: Major
>             Fix For: proton-c-0.27.0
>
>
> Found by oss-fuzz: [https://oss-fuzz.com/testcase?key=5920119225057280]
> A message with a described type whose descriptor is an array containing described types of an array containing described types of... can cause enough stack use to overflow the process stack.
> The message is quite long (and essentially meaningless) but nonetheless syntactically valid.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
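
The descriptor restriction described in the commit message above, sketched as an added C example (not proton-c's code): a described-type header is accepted only when its descriptor is a ulong or symbol encoding, and the check never recurses. The function names and sample bytes are constructed for illustration; the constructor byte values are the AMQP 1.0 type codes.

```c
#include <stddef.h>
#include <stdint.h>

/* AMQP 1.0 constructor bytes: described-type marker, ulong and symbol encodings. */
enum { DESCRIBED = 0x00, ULONG0 = 0x44, SMALLULONG = 0x53, ULONG = 0x80,
       SYM8 = 0xa3, SYM32 = 0xb3 };

/* Encoded size of a ulong or symbol descriptor at buf; -1 if truncated or any
 * other type (described, array, list, ...). No recursion: constant stack use. */
static int descriptor_size(const uint8_t *buf, size_t len, size_t *size)
{
    uint32_t n;
    if (len < 1) return -1;
    switch (buf[0]) {
    case ULONG0:     *size = 1; break;
    case SMALLULONG: *size = 2; break;
    case ULONG:      *size = 9; break;
    case SYM8:
        if (len < 2) return -1;
        *size = 2 + (size_t)buf[1];
        break;
    case SYM32:
        if (len < 5) return -1;
        n = (uint32_t)buf[1] << 24 | (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 8 | buf[4];
        if (n > len - 5) return -1;   /* checked before adding: no overflow */
        *size = 5 + (size_t)n;
        break;
    default:
        return -1;                    /* reserved or nesting-capable descriptor */
    }
    return *size <= len ? 0 : -1;
}

/* For a described value at buf, store the offset just past the descriptor,
 * where the described value itself starts. Returns -1 if rejected. */
static int described_value_offset(const uint8_t *buf, size_t len, size_t *off)
{
    size_t dsize;
    if (len < 1 || buf[0] != DESCRIBED) return -1;
    if (descriptor_size(buf + 1, len - 1, &dsize) != 0) return -1;
    *off = 1 + dsize;
    return 0;
}

int main(void)
{
    const uint8_t nested[] = { 0x00, 0x00, 0x53, 0x70, 0x40 }; /* constructed */
    size_t off;
    return described_value_offset(nested, sizeof nested, &off) == -1 ? 0 : 1;
}
```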
