Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-975

connecting with DIGEST-MD5 fails if buffer containing outcome and first encrypted frame is received

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • proton-0.10
    • proton-0.10
    • proton-c
    • None

    Description

      I'm hitting an occasional client crash when using an DIGEST-MD5 SASL mech to talk to the qpidd broker.

      I've built the broker using the 0.10rc1 as the proton library.

      I'm using a pyngus based client. I will upload this reproducer.

      Best I can tell, the client pushes a single buffer to the transport that contains both the SASL outcome frame from qpidd and the first encrypted frame. SASL does not handle this case correctly and attempts to parse the encrypted frame as cleartext.

      I will open another bug against the frame decode to prevent parsing invalid frames.

      Attachments

        1. send.py
          5 kB
          Ken Giusti

        Issue Links

        is related to

        Bug - A problem which impairs or prevents the functions of the product. PROTON-976 pn_read_frame does not validate frame offset

        • Blocker - Blocks development and/or testing work, production could not run
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            astitcher Andrew Stitcher
            kgiusti Ken Giusti
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment