Bug 1109320 - [AMQP 1.0] proton vulnerabilities
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 3.0
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: 3.0
: ---
Assignee: Andrew Stitcher
QA Contact: Messaging QE
URL:
Whiteboard:
Depends On:
Blocks: 1140815 1010399
Reported: 2014-06-13 16:11 UTC by Gordon Sim
Modified: 2014-09-11 18:34 UTC

Fixed In Version: qpid-proton-0.7-3
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1140815
Environment:
Last Closed: 2014-09-11 18:34:45 UTC
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Apache JIRA PROTON-590 0 None None None Never
Apache JIRA PROTON-608 0 None None None Never

Description Gordon Sim 2014-06-13 16:11:38 UTC
Description of problem:

Certain invalid protocol sequences can cause segfaults within proton. 

Version-Release number of selected component (if applicable):

0.28

How reproducible:

Easily

Steps to Reproduce:
1. send an attach before sending an open and begin
or
1. send a performative with an invalid identifier

Actual results:

segfault

Expected results:

no segfault

Additional info:

These would affect qpidd where 1.0 support is loaded. Since qpidd does its own decoding of the SASL layer frames, you could at least limit the exposure to authenticated users.
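
A defensive check for the two conditions listed under "Steps to Reproduce", written as an added example; it is not part of the original report and is not Proton's code or the upstream fix. It assumes "invalid identifier" means a performative descriptor code outside the range defined by AMQP 1.0; `conn_state`, `check_frame`, `MAX_CHANNELS` and the error names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* AMQP 1.0 performative descriptor codes (open = 0x10 ... close = 0x18). */
enum { P_OPEN = 0x10, P_BEGIN, P_ATTACH, P_FLOW, P_TRANSFER,
       P_DISPOSITION, P_DETACH, P_END, P_CLOSE };

#define MAX_CHANNELS 8   /* constructed limit for this example */

typedef enum { FRAME_OK, ERR_UNKNOWN_PERFORMATIVE, ERR_BAD_CHANNEL,
               ERR_NOT_OPEN, ERR_NO_SESSION, ERR_ILLEGAL_STATE } frame_result;

typedef struct {
    bool opened;                 /* peer has sent open */
    bool closed;                 /* peer has sent close */
    bool session[MAX_CHANNELS];  /* peer has sent begin on this channel */
} conn_state;

/* Validate one incoming performative against the connection state.
 * Intended to run before any handler touches per-session or per-link
 * data, so an out-of-order frame yields an error, not a NULL dereference. */
frame_result check_frame(conn_state *c, uint64_t code, uint16_t channel)
{
    if (code < P_OPEN || code > P_CLOSE) return ERR_UNKNOWN_PERFORMATIVE;
    if (channel >= MAX_CHANNELS)         return ERR_BAD_CHANNEL;
    if (c->closed)                       return ERR_ILLEGAL_STATE;

    if (code == P_OPEN) {
        if (c->opened) return ERR_ILLEGAL_STATE;   /* duplicate open */
        c->opened = true;
        return FRAME_OK;
    }
    if (!c->opened) return ERR_NOT_OPEN;           /* e.g. attach before open */

    switch (code) {
    case P_CLOSE:
        c->closed = true;
        return FRAME_OK;
    case P_BEGIN:
        if (c->session[channel]) return ERR_ILLEGAL_STATE;
        c->session[channel] = true;
        return FRAME_OK;
    case P_END:
        if (!c->session[channel]) return ERR_NO_SESSION;
        c->session[channel] = false;
        return FRAME_OK;
    default:  /* attach, flow, transfer, disposition, detach need a session */
        return c->session[channel] ? FRAME_OK : ERR_NO_SESSION;
    }
}
```
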

Comment 1 Andrew Stitcher 2014-07-30 23:02:18 UTC
Both of the upstream issues are fixed on trunk Proton:

PROTON-590:r1599793 (https://svn.apache.org/r1599793)
PROTON-608:r1614045 (https://svn.apache.org/r1614045)
