Qpid
  1. Qpid
  2. QPID-2158

[Java 0-8/0-9] Overlong AMQShortStrings incorrectly encoded and cause Frame corruption

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: M2, M2.1, M3, M4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10
    • Fix Version/s: 0.11
    • Component/s: Java Common
    • Labels:
      None

      Description

      AMQP defines as shortstr as a 1-octet length followed by that many octets of data. In java we use the AMQShortString class to represent this datatype in the 0-8/0-9 codebase. Unfortunately the AMQShortString class does not check to ensure that on construction its total length is less than 256 characters. In cases where an overlong AMQShortString is created and subsequently encoded, the size is written out as (byte) length, which means that a String of length 296 will be encoded as an octect with value 40 (296 & 255) followed by 296 octets of data. Upon decoding this causes a frame decoding error.

      We should check on construction of an AMQShortString that the underlying data does not have length > 255, and that if it does we should throw an appropriate exception (IndexOutOfBoundsException?)

      [This error was discovered when a long queue name was created, and that queue subsequently used as the destination for a reply-to field... the encoding of a reply-to copies the queue name twice (once as the queue name, once as the binding-key]

        Activity

        Rob Godfrey created issue -
        Alex Rudyy made changes -
        Field Original Value New Value
        Attachment adds-amq-short-string-length-validation.patch [ 12479115 ]
        Alex Rudyy made changes -
        Attachment adds-amq-short-string-length-validation.patch [ 12479115 ]
        Alex Rudyy made changes -
        Robbie Gemmell made changes -
        Assignee Robbie Gemmell [ gemmellr ]
        Robbie Gemmell made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Robbie Gemmell made changes -
        Affects Version/s 0.9 [ 12315382 ]
        Affects Version/s 0.8 [ 12315477 ]
        Affects Version/s 0.7 [ 12314455 ]
        Affects Version/s 0.6 [ 12313728 ]
        Fix Version/s 0.11 [ 12316272 ]
        Affects Version/s 0.10 [ 12316273 ]
        Robbie Gemmell made changes -
        Status In Progress [ 3 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Robbie Gemmell
            Reporter:
            Rob Godfrey
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development