Description of problem: Certain invalid protocol sequences can cause segfaults within proton. Version-Release number of selected component (if applicable): 0.28 How reproducible: Easily Steps to Reproduce: 1. send an attach before sending an open and begin or 1. send a performative with an invalid identifier Actual results: segfault Expected results: no segfault Additional info: These would affect qpidd where 1.0 support is loaded. Since qpidd does its own decoding of the SASL layer frames, you could at least limit the exposure to authenticated users.
Both of the upstream issues are fixed on trunk Proton: PROTON-590:r1599793 (https://svn.apache.org/r1599793) PROTON-608:r1614045 (https://svn.apache.org/r1614045)