Description of problem: A user attempting to access a non-existent node will get a not-found error even if they don't have permission to access such a node. They should not be given any information on whether or not the node exists unless they first have permission. Version-Release number of selected component (if applicable): Early Access How reproducible: 100% Steps to Reproduce: 1. create policy that denies a given user all rights 2. using that user, try to send to or receive from any node name Actual results: Get not-found error where node doesn't exist. Expected results: Should get unauthorized access error whether or not node exists. Additional info:
Fixed upstream: https://svn.apache.org/r1540041
Tested on RHEL 6.5 i686, x86_64, with following packages: perl-qpid-0.22-11.el6 python-qpid-0.22-12.el6 python-qpid-qmf-0.22-28.el6 qpid-cpp-client-0.22-36.el6 qpid-cpp-client-devel-0.22-36.el6 qpid-cpp-client-devel-docs-0.22-36.el6 qpid-cpp-debuginfo-0.22-36.el6 qpid-cpp-server-0.22-36.el6 qpid-cpp-server-devel-0.22-36.el6 qpid-cpp-server-ha-0.22-36.el6 qpid-cpp-server-linearstore-0.22-36.el6 qpid-cpp-server-xml-0.22-36.el6 qpid-java-client-0.22-6.el6 qpid-java-common-0.22-6.el6 qpid-java-example-0.22-6.el6 qpid-jca-0.22-2.el6 qpid-jca-xarecovery-0.22-2.el6 qpid-proton-c-0.6-1.el6 qpid-proton-c-devel-0.6-1.el6 qpid-proton-debuginfo-0.6-1.el6 qpid-qmf-0.22-28.el6 qpid-qmf-debuginfo-0.22-28.el6 qpid-snmpd-1.0.0-16.el6 qpid-snmpd-debuginfo-1.0.0-16.el6 qpid-tools-0.22-9.el6 ruby-qpid-qmf-0.22-28.el6 -> VERIFIED