You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Robbie Gemmell (JIRA)" <ji...@apache.org> on 2014/10/28 12:04:33 UTC
[jira] [Commented] (QPID-6193) [Java broker] AMQP 1.0 Open frames
with channel-max above the signed short range leads to failure
[ https://issues.apache.org/jira/browse/QPID-6193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14186694#comment-14186694 ]
Robbie Gemmell commented on QPID-6193:
--------------------------------------
Peers may work around this issue by ensuring they dont sent a channel-max value outside the signed short range, i.e <= 32767.
> [Java broker] AMQP 1.0 Open frames with channel-max above the signed short range leads to failure
> -------------------------------------------------------------------------------------------------
>
> Key: QPID-6193
> URL: https://issues.apache.org/jira/browse/QPID-6193
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: 0.30
> Reporter: Robbie Gemmell
>
> The broker defaults channel-max to 255 or whatever has been configured.
> When processing the Open frame sent by the peer, the broker attempts to use the sent channel-max value if it is lower than the configured default.
> {noformat}
> public synchronized void receiveOpen(short channel, Open open)
> {
> _channelMax = open.getChannelMax() == null ? _channelMax
> : open.getChannelMax().shortValue() < _channelMax
> ? open.getChannelMax().shortValue()
> : _channelMax;
> if (_receivingSessions == null)
> {
> _receivingSessions = new SessionEndpoint[_channelMax + 1];
> _sendingSessions = new SessionEndpoint[_channelMax + 1];
> }
> {noformat}
> The logic doesnt handle channel-max being an unsigned short, meaning its use of getChannelMax().shortValue() may yield negative values for those outwith the signed range upper limit.
> For example, if the peer sends 65535 (possibly be default due to setting a later field in its Open frame) this will yield -1, which then has 1 added to it to create a 0-length array, leading to ArrayIndexOutOfBoundsException when the first Begin frame arrives. The following is output to stdout when this occurs:
> {noformat}
> [Broker] BRK-1004 : Qpid Broker Ready
> 00 53 11 c0 0b 05 40 52 01 43 43 70 00 00 04 00
> java.lang.ArrayIndexOutOfBoundsException: 0
> at org.apache.qpid.amqp_1_0.transport.ConnectionEndpoint.receiveBegin(ConnectionEndpoint.java:569)
> at org.apache.qpid.amqp_1_0.type.transport.Begin.invoke(Begin.java:226)
> at org.apache.qpid.amqp_1_0.transport.ConnectionEndpoint.receive(ConnectionEndpoint.java:802)
> at org.apache.qpid.amqp_1_0.framing.FrameHandler.parse(FrameHandler.java:241)
> at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL$4.run(ProtocolEngine_1_0_0_SASL.java:384)
> at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL$4.run(ProtocolEngine_1_0_0_SASL.java:380)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL.received(ProtocolEngine_1_0_0_SASL.java:379)
> at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL.received(ProtocolEngine_1_0_0_SASL.java:66)
> at org.apache.qpid.server.protocol.MultiVersionProtocolEngine.received(MultiVersionProtocolEngine.java:153)
> at org.apache.qpid.server.protocol.MultiVersionProtocolEngine.received(MultiVersionProtocolEngine.java:51)
> at org.apache.qpid.transport.network.io.IoReceiver.run(IoReceiver.java:161)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org