Description of problem:
When writing a string or raw data to a framing::Buffer, it is possible to overflow the buffer's memory.

Version-Release number of selected component (if applicable):
1.3

How reproducible:
100%

Steps to Reproduce:
1. See BZ667735 - use "console 65500"

Actual results:
The command fails with a Segmentation Fault.

Expected results:
Attempting to write too much data into a framing::Buffer should throw an Out-of-Bounds exception.

Additional info:
Reproducible on RHEL5 using qpid-cpp-client-devel-0.7.946106-27.el5
Upstream JIRA: https://issues.apache.org/jira/browse/QPID-3030
Fixed upstream: http://svn.apache.org/viewvc?view=rev&rev=1066097
Committed revision 1066097
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: The encoding of string data into a message buffer did not check if there was enough available space in the buffer for the string.
Consequence: Encoding string data that was too large for a given buffer would corrupt the buffer memory, and potentially crash the broker.
Fix: The string encoding code now verifies that the message buffer is large enough to hold the encoded string.
Result: If there is not enough room in the buffer to hold the encoded string, an exception is returned to the caller and the buffer is not modified.
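As an added illustration (not part of this bug report and not the Qpid source), the following self-contained C++ sketch places the pre-fix behaviour the note's "Cause" describes beside the checked behaviour of the "Fix": a minimal buffer with a write cursor, an unchecked raw-data encode that runs past the end of the region, and checked raw-data and short-string encodes that verify space first and throw before touching memory. The class and method names, the OutOfBounds type, and the guard-byte harness are assumptions modelled loosely on the shape of qpid::framing::Buffer, not the project's code; the guard region stands in for whatever memory would sit after the buffer in the broker.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Assumed exception type: thrown when an encode would write past the buffer end.
struct OutOfBounds : public std::runtime_error {
    OutOfBounds() : std::runtime_error("encoded data would exceed buffer size") {}
};

// Minimal stand-in for a framing buffer: a fixed region plus a write cursor.
class Buffer {
    char* data_;
    uint32_t size_;
    uint32_t position_;
public:
    Buffer(char* data, uint32_t size) : data_(data), size_(size), position_(0) {}
    uint32_t available() const { return size_ - position_; }
    uint32_t getPosition() const { return position_; }

    // Pre-fix behaviour ("Cause"): copies without checking remaining space,
    // so a string larger than what is left writes past the buffer end.
    void putRawDataUnchecked(const std::string& s) {
        std::memcpy(data_ + position_, s.data(), s.size());
        position_ += static_cast<uint32_t>(s.size());
    }

    // Fixed behaviour ("Fix"/"Result"): verify first, throw before any write,
    // so neither the contents nor the cursor change on failure.
    void putRawData(const std::string& s) {
        if (s.size() > available()) throw OutOfBounds();
        std::memcpy(data_ + position_, s.data(), s.size());
        position_ += static_cast<uint32_t>(s.size());
    }

    // Short string: one-byte length prefix followed by the bytes.
    // The space check must cover the prefix and the payload together.
    void putShortString(const std::string& s) {
        if (s.size() > 255) throw std::length_error("short string longer than 255 bytes");
        if (1 + s.size() > available()) throw OutOfBounds();
        data_[position_++] = static_cast<char>(s.size());
        std::memcpy(data_ + position_, s.data(), s.size());
        position_ += static_cast<uint32_t>(s.size());
    }
};

namespace {
const uint32_t kBufferSize = 8;   // logical buffer handed to Buffer
const uint32_t kGuardSize = 32;   // constructed "neighbouring memory" after it
const char kGuardByte = '\xAA';

// True if no byte beyond the logical buffer has been touched.
bool guardIntact(const std::vector<char>& store) {
    for (size_t i = kBufferSize; i < store.size(); ++i)
        if (store[i] != kGuardByte) return false;
    return true;
}
}

// Returns true if the unchecked encode corrupted memory beyond the buffer.
bool uncheckedWriteCorruptsNeighbour() {
    std::vector<char> store(kBufferSize + kGuardSize, kGuardByte);
    Buffer buf(store.data(), kBufferSize);
    buf.putRawDataUnchecked(std::string(24, 'x'));  // 24 bytes into an 8-byte buffer
    return !guardIntact(store);
}

// Returns true if the checked encode throws OutOfBounds and leaves both the
// buffer contents (including data already encoded) and the cursor untouched.
bool checkedWriteRejectsWithoutModifying() {
    std::vector<char> store(kBufferSize + kGuardSize, kGuardByte);
    Buffer buf(store.data(), kBufferSize);
    buf.putRawData("abc");                          // fits: 5 bytes remain
    const std::vector<char> before = store;
    const uint32_t posBefore = buf.getPosition();
    bool threw = false;
    try {
        buf.putRawData(std::string(24, 'x'));       // does not fit
    } catch (const OutOfBounds&) {
        threw = true;
    }
    return threw && store == before && buf.getPosition() == posBefore;
}

// Bytes consumed by encoding s as a short string into a buffer of bufferSize,
// or 0 if the checked encode rejected it as out of bounds.
uint32_t shortStringBytesWritten(const std::string& s, uint32_t bufferSize) {
    std::vector<char> store(bufferSize, 0);
    Buffer buf(store.data(), bufferSize);
    try { buf.putShortString(s); } catch (const OutOfBounds&) { return 0; }
    return buf.getPosition();
}

int main() {
    std::cout << "unchecked encode corrupts neighbour: " << uncheckedWriteCorruptsNeighbour() << "\n"
              << "checked encode rejects untouched:    " << checkedWriteRejectsWithoutModifying() << "\n"
              << "short string 'hello' into 8 bytes:   " << shortStringBytesWritten("hello", 8) << "\n";
    return 0;
}
```

The point the harness makes is the ordering in the fix: the bounds check runs before the length prefix or any payload byte is written, so a rejected encode cannot leave a half-written string (a prefix with no data) behind for a later decode to misread.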
This issue has been fixed.

Verified on RHEL5.6 and RHEL6.1, architectures: i386, x86_64

packages installed:
python-qpid-0.10-1.el5
python-qpid-qmf-0.10-6.el5
qpid-cpp-client-0.10-5.el5
qpid-cpp-client-devel-0.10-5.el5
qpid-cpp-client-devel-docs-0.10-5.el5
qpid-cpp-client-ssl-0.10-5.el5
qpid-cpp-mrg-debuginfo-0.10-5.el5
qpid-cpp-server-0.10-5.el5
qpid-cpp-server-cluster-0.10-5.el5
qpid-cpp-server-devel-0.10-5.el5
qpid-cpp-server-ssl-0.10-5.el5
qpid-cpp-server-store-0.10-5.el5
qpid-cpp-server-xml-0.10-5.el5
qpid-java-client-0.10-4.el5
qpid-java-common-0.10-4.el5
qpid-java-example-0.10-4.el5
qpid-qmf-0.10-6.el5
qpid-qmf-devel-0.10-6.el5
qpid-tools-0.10-4.el5

-> VERIFIED

NOTICE: Method call should succeed instead of throwing Out-of-Bounds exception, but this issue is covered by BZ674392, which is not yet solved.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0890.html