You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Robbie Gemmell (JIRA)" <ji...@apache.org> on 2018/11/16 14:35:00 UTC
[jira] [Closed] (QPIDJMS-433) MessageListener.onMessage() has
unhandled exception vulnerability which causes infinite loop
[ https://issues.apache.org/jira/browse/QPIDJMS-433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robbie Gemmell closed QPIDJMS-433.
----------------------------------
Resolution: Information Provided
The JMS spec explicitly defines throwing exceptions from onMessage as a programming error so the primary answer here is application. The client currently releases a message when this happens which could lead to the situation you describe, but QPIDJMS-388 covers that already so closing this out.
> MessageListener.onMessage() has unhandled exception vulnerability which causes infinite loop
> --------------------------------------------------------------------------------------------
>
> Key: QPIDJMS-433
> URL: https://issues.apache.org/jira/browse/QPIDJMS-433
> Project: Qpid JMS
> Issue Type: Bug
> Components: qpid-jms-client
> Affects Versions: 0.37.0
> Reporter: Kim van der Riet
> Priority: Major
> Attachments: QpidJmsClientTest.java, pom.xml
>
>
> When using a MessageListener, any uncaught exceptions in onMessage() will create an infinite loop of resending the same message over and over. As the message is never acknowledged during the execution of this loop, stopping the client application and restarting it results in the infinite loop immediately resuming.
> While this is strictly a developer oversight, it is an easy one to make, especially for runtime exceptions. For example, using an illegal character while getting a message property (eg. "msg-type") will result in an IllegalArgumentExceptionexception (rather than in the perhaps expected JMSException), and will trigger this behavior if not explicitly handled in the client.
> The Qpid JMS client implementation should perhaps anticipate this occurrence, and appropriately handle the exception (eg it can then close the connection with an error message).
> Attached is a simple single-class reproducer which illustrates the issue. Sending any message to the queue will result in the triggering of this condition, eg:
> {{qpid-send -a TestQueue -m1}}
> and results in:
> Listening on amqp://localhost:5672...
> onMessage(): JmsTextMessage \{ org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@a2f68bf }
> UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains invalid JMS identifier character '-': 'msg-type'
> onMessage(): JmsTextMessage \{ org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@4dbc00fa }
> UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains invalid JMS identifier character '-': 'msg-type'
> onMessage(): JmsTextMessage \{ org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@5e24db1e }
> UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains invalid JMS identifier character '-': 'msg-type'
> ...
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org