Bug 674390
| Summary: | Buffer library does not prevent overflow when writing sequences of bytes. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Ken Giusti <kgiusti> |
| Component: | qpid-cpp | Assignee: | Ken Giusti <kgiusti> |
| Status: | CLOSED ERRATA | QA Contact: | Petr Matousek <pematous> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 1.3 | CC: | freznice, gsim, iboverma, jneedle |
| Target Milestone: | 2.0 | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | qpid-cpp-0.9.1079953-1 | Doc Type: | Bug Fix |
| Doc Text: |
Cause:
The encoding of string data into a message buffer did not check if there was enough available space in the buffer for the string.
Consequence:
Encoding string data that was too large for a given buffer would corrupt the buffer memory, and potentially crash the broker.
Fix:
The string encoding code now verifies that the message buffer is large enough to hold the encoded string.
Result:
If there is not enough room in the buffer to hold the encoded string, an exception is returned to the caller and the buffer is not modified.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-23 15:48:48 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ken Giusti
2011-02-01 17:14:19 UTC
Upstream JIRA: https://issues.apache.org/jira/browse/QPID-3030 Fixed upstream: http://svn.apache.org/viewvc?view=rev&rev=1066097 Committed revision 1066097
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause:
The encoding of string data into a message buffer did not check if there was enough available space in the buffer for the string.
Consequence:
Encoding string data that was too large for a given buffer would corrupt the buffer memory, and potentially crash the broker.
Fix:
The string encoding code now verifies that the message buffer is large enough to hold the encoded string.
Result:
If there is not enough room in the buffer to hold the encoded string, an exception is returned to the caller and the buffer is not modified.
This issue has been fixed Verified on RHEL5.6 and RHEL6.1, architectures: i386, x86_64 packages installed: python-qpid-0.10-1.el5 python-qpid-qmf-0.10-6.el5 qpid-cpp-client-0.10-5.el5 qpid-cpp-client-devel-0.10-5.el5 qpid-cpp-client-devel-docs-0.10-5.el5 qpid-cpp-client-ssl-0.10-5.el5 qpid-cpp-mrg-debuginfo-0.10-5.el5 qpid-cpp-server-0.10-5.el5 qpid-cpp-server-cluster-0.10-5.el5 qpid-cpp-server-devel-0.10-5.el5 qpid-cpp-server-ssl-0.10-5.el5 qpid-cpp-server-store-0.10-5.el5 qpid-cpp-server-xml-0.10-5.el5 qpid-java-client-0.10-4.el5 qpid-java-common-0.10-4.el5 qpid-java-example-0.10-4.el5 qpid-qmf-0.10-6.el5 qpid-qmf-devel-0.10-6.el5 qpid-tools-0.10-4.el5 -> VERIFIED NOTICE: Method call should succeed instead of throwing Out-of-Bounds exception, but this issue is covered by BZ674392, which is not yet solved. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0890.html |