Qpid / QPID-2158

[Java 0-8/0-9] Overlong AMQShortStrings incorrectly encoded and cause Frame corruption

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: M2, M2.1, M3, M4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10
    • Fix Version/s: 0.11
    • Component/s: Java Common
    • Labels:
      None

      Description

      AMQP defines a shortstr as a 1-octet length followed by that many octets of data. In Java we use the AMQShortString class to represent this datatype in the 0-8/0-9 codebase. Unfortunately the AMQShortString class does not check to ensure that on construction its total length is less than 256 characters. In cases where an overlong AMQShortString is created and subsequently encoded, the size is written out as (byte) length, which means that a String of length 296 will be encoded as an octet with value 40 (296 & 255) followed by 296 octets of data. Upon decoding this causes a frame decoding error.

      We should check on construction of an AMQShortString that the underlying data does not have length > 255, and that if it does we should throw an appropriate exception (IndexOutOfBoundsException?)

      [This error was discovered when a long queue name was created, and that queue subsequently used as the destination for a reply-to field... the encoding of a reply-to copies the queue name twice (once as the queue name, once as the binding-key)]
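The mis-encoding described above, as an added example that is not part of the original issue and is not Qpid's code: a shortstr writer that narrows the length with `(byte)`, a reader that trusts the length octet, and a writer that validates first. The class and method names are hypothetical, `IllegalArgumentException` is an assumed choice of exception, and `String.repeat` needs Java 11 or later.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class ShortStrDemo {
    static final int MAX_SHORTSTR = 255; // largest value a 1-octet length can hold

    // Before: the length is narrowed to one octet with no range check.
    static void writeUnchecked(ByteArrayOutputStream out, String s) {
        byte[] data = s.getBytes(StandardCharsets.US_ASCII);
        out.write((byte) data.length);    // 296 is written as 296 & 255
        out.write(data, 0, data.length);  // yet all 296 octets still follow
    }

    // After: refuse anything the length octet cannot describe.
    static void writeChecked(ByteArrayOutputStream out, String s) {
        byte[] data = s.getBytes(StandardCharsets.US_ASCII);
        if (data.length > MAX_SHORTSTR) {
            throw new IllegalArgumentException(
                "shortstr is " + data.length + " octets, limit is " + MAX_SHORTSTR);
        }
        out.write(data.length);
        out.write(data, 0, data.length);
    }

    // Reader: believes the length octet, as any AMQP peer must.
    static String readShortStr(ByteBuffer in) {
        byte[] data = new byte[in.get() & 0xFF];
        in.get(data);
        return new String(data, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        String queue = "q".repeat(296); // constructed overlong queue name
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeUnchecked(out, queue);     // first field
        writeUnchecked(out, "key");     // second field, 3 octets
        ByteBuffer in = ByteBuffer.wrap(out.toByteArray());
        System.out.println("first field length:  " + readShortStr(in).length());
        // The reader is now inside the queue name and takes a 'q' as the next length octet.
        System.out.println("second field length: " + readShortStr(in).length());
        try {
            writeChecked(new ByteArrayOutputStream(), queue);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Every field after the overlong one is read from the wrong offset, which is why the receiver reports a frame decoding error rather than a bad string.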

        Activity

        Robbie Gemmell added a comment -

        Patch applied.

        Alex Rudyy added a comment -

        The attached patch adds length validation to the AMQShortString class. Also, it removes dead code from AMQDestination and AMQShortString. Channel and connection exception messages are truncated to a length of 255 before being passed over the wire.

        Alex Rudyy added a comment -

        Attached a patch adding AMQShortString length validation


          People

          • Assignee:
            Robbie Gemmell
            Reporter:
            Rob Godfrey