Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-976

pn_read_frame does not validate frame offset

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • proton-0.10
    • proton-0.10
    • proton-c
    • None

    Description

      pn_read_frame in framing.c does not validate the doff with respect to the frame size. If doff is corrupt proton will still attempt to parse the frame. This can result in a crash.

      I consider this a blocker as an attacker can craft a bad frame that results in crashing the receiver.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. PROTON-109 Proton should handle inbound max-frame size violations.

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. PROTON-975 connecting with DIGEST-MD5 fails if buffer containing outcome and first encrypted frame is received

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Activity

            People

              kgiusti Ken Giusti
              kgiusti Ken Giusti
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: