Bug 1109320

Summary: [AMQP 1.0] proton vulnerabilities
Product: Red Hat Enterprise MRG
Component: qpid-cpp
Reporter: Gordon Sim <gsim>
Assignee: Andrew Stitcher <astitcher>
QA Contact: Messaging QE <messaging-qe-bugs>
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: high
Version: 3.0
CC: astitcher, iboverma, jross, lzhaldyb, pematous
Target Milestone: 3.0
Keywords: OtherQA
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qpid-proton-0.7-3
Doc Type: Bug Fix
: 1140815
Last Closed: 2014-09-11 18:34:45 UTC
Type: Bug
Bug Blocks: 1140815, 1010399

Description Gordon Sim 2014-06-13 16:11:38 UTC
Description of problem:

Certain invalid protocol sequences can cause segfaults within proton. 

Version-Release number of selected component (if applicable):

0.28

How reproducible:

Easily

Steps to Reproduce:
1. send an attach before sending an open and begin
or
1. send a performative with an invalid identifier

Actual results:

segfault

Expected results:

no segfault

Additional info:

These would affect qpidd where 1.0 support is loaded. Since qpidd does its own decoding of the SASL layer frames, you could at least limit the exposure to authenticated users.
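
The two failure cases in this report can both be rejected before a frame reaches its handler. The following C sketch is an added example, not part of the bug report and not Proton's or qpidd's code. It assumes "invalid identifier" means an out-of-range performative descriptor code; `conn_state`, `check_frame` and `first_rejection` are hypothetical names, and a single session stands in for per-channel state.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* AMQP 1.0 performative descriptor codes, as defined in the AMQP 1.0 spec. */
enum { AMQP_OPEN = 0x10, AMQP_BEGIN, AMQP_ATTACH, AMQP_FLOW, AMQP_TRANSFER,
       AMQP_DISPOSITION, AMQP_DETACH, AMQP_END, AMQP_CLOSE /* 0x18 */ };

typedef enum { FRAME_OK, ERR_UNKNOWN_PERFORMATIVE, ERR_ILLEGAL_STATE } frame_result;

/* Hypothetical, simplified endpoint state: one connection, one session. */
typedef struct { int opened, closed, session_begun; } conn_state;

/* Validate one decoded performative against the state BEFORE dispatching it. */
frame_result check_frame(conn_state *c, uint64_t code)
{
    /* Range-check first so the code can never index a handler table out of bounds. */
    if (code < AMQP_OPEN || code > AMQP_CLOSE) return ERR_UNKNOWN_PERFORMATIVE;
    if (c->closed) return ERR_ILLEGAL_STATE;
    if (code == AMQP_OPEN) {
        if (c->opened) return ERR_ILLEGAL_STATE;
        c->opened = 1;
        return FRAME_OK;
    }
    if (!c->opened) return ERR_ILLEGAL_STATE;        /* only open may come first */
    if (code == AMQP_CLOSE) { c->closed = 1; return FRAME_OK; }
    if (code == AMQP_BEGIN) {
        if (c->session_begun) return ERR_ILLEGAL_STATE;
        c->session_begun = 1;
        return FRAME_OK;
    }
    if (!c->session_begun) return ERR_ILLEGAL_STATE; /* attach, flow, ... need a session */
    if (code == AMQP_END) c->session_begun = 0;
    return FRAME_OK;
}

/* Feed a sequence to a fresh endpoint; return the first non-OK result. */
frame_result first_rejection(const uint64_t *codes, size_t n)
{
    conn_state c = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        frame_result r = check_frame(&c, codes[i]);
        if (r != FRAME_OK) return r;
    }
    return FRAME_OK;
}

/* Constructed sample sequences (not captured traffic). */
static const uint64_t EARLY_ATTACH[] = { AMQP_ATTACH };
static const uint64_t BAD_CODE[] = { AMQP_OPEN, 0x99 };
static const uint64_t VALID[] = { AMQP_OPEN, AMQP_BEGIN, AMQP_ATTACH, AMQP_END, AMQP_CLOSE };

int main(void)
{
    printf("%d %d %d\n", first_rejection(EARLY_ATTACH, 1),
           first_rejection(BAD_CODE, 2), first_rejection(VALID, 5));
    return 0;
}
```

A rejected frame should end the connection with an error rather than being passed on to a handler that assumes session or link state exists.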

Comment 1 Andrew Stitcher 2014-07-30 23:02:18 UTC
Both of the upstream issues are fixed on trunk Proton:

PROTON-590: r1599793 (https://svn.apache.org/r1599793)
PROTON-608: r1614045 (https://svn.apache.org/r1614045)