Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
proton-0.10
-
None
Description
pn_read_frame in framing.c does not validate the doff with respect to the frame size. If doff is corrupt proton will still attempt to parse the frame. This can result in a crash.
I consider this a blocker as an attacker can craft a bad frame that results in crashing the receiver.
Attachments
Issue Links
- duplicates
-
PROTON-109 Proton should handle inbound max-frame size violations.
- Closed
- relates to
-
PROTON-975 connecting with DIGEST-MD5 fails if buffer containing outcome and first encrypted frame is received
- Closed