You are viewing a plain text version of this content. The canonical link for it is here.

Posted to proton@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/12/11 05:13:13 UTC

[jira] [Commented] (PROTON-771) AMQP and SASL performatives are not validated against correct frame type

    [ https://issues.apache.org/jira/browse/PROTON-771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14242115#comment-14242115 ] 

ASF subversion and git services commented on PROTON-771:
--------------------------------------------------------

Commit d8e99db54449f22ea2b77c2d9ee4203c9f049e45 in qpid-proton's branch refs/heads/master from [~astitcher]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=d8e99db ]

PROTON-771: Validate performative against frame type


> AMQP and SASL performatives are not validated against correct frame type
> ------------------------------------------------------------------------
>
>                 Key: PROTON-771
>                 URL: https://issues.apache.org/jira/browse/PROTON-771
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>            Reporter: Andrew Stitcher
>            Assignee: Andrew Stitcher
>
> The protocol processing logic for proton does not currently validate that amqp and sasl performatives actually have the correct frame type. In fact the current code completely ignores the frame type.
> This really only means that it will accept some invalid protocol sequences and treat them as valid ones, it doesn't allow any security exploits in itself.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)