Qpid
  1. Qpid
  2. QPID-3444

the Java broker does not reject 0-10 exchange delete/bind/unbind commands which use empty strings for the exchange name

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 0.12
    • Fix Version/s: 0.13
    • Component/s: Java Broker
    • Labels:
      None

      Description

      The Java broker [sometimes] verifies that the 0-10 exchange delete/bind/unbind commands have an exchange value set however it does not reject those which have an empty string defined, which is interpreted as the default exchange. It should issue an INVALID_ARGUMENT exception if the exchange name is null or empty for these commands.

        Activity

        Hide
        Robbie Gemmell added a comment -

        Hi Keith, can you review these changes please? Thanks, Robbie.

        Show
        Robbie Gemmell added a comment - Hi Keith, can you review these changes please? Thanks, Robbie.
        Hide
        Keith Wall added a comment -

        Hi Robbie

        Can't a client subvert the check by passing the default exchange name "<<default>>"? I just tried this test from JMX (AMQBrokerManagerMBean#unregisterExchange()) and found I could successfully remove the default exchange from a vhost. I think nameNullOrEmpty should be generalised from this case too.

        cheers Keith.

        Show
        Keith Wall added a comment - Hi Robbie Can't a client subvert the check by passing the default exchange name "<<default>>"? I just tried this test from JMX (AMQBrokerManagerMBean#unregisterExchange()) and found I could successfully remove the default exchange from a vhost. I think nameNullOrEmpty should be generalised from this case too. cheers Keith.
        Hide
        Robbie Gemmell added a comment -

        Correct, but I dont think that strictly relates to this issue, and instead our somewhat shoddy implementation of the default exchange. That problem arises due to the default exchange actually having a name when it isnt meant to (thus the changes in this JIRA to protect it as nameless), which I think should be bundled into QPID-3490 (which didnt actually mention that, although it is something I was looking to include there - updated accordingly).

        Show
        Robbie Gemmell added a comment - Correct, but I dont think that strictly relates to this issue, and instead our somewhat shoddy implementation of the default exchange. That problem arises due to the default exchange actually having a name when it isnt meant to (thus the changes in this JIRA to protect it as nameless), which I think should be bundled into QPID-3490 (which didnt actually mention that, although it is something I was looking to include there - updated accordingly).
        Hide
        Keith Wall added a comment -

        No further comments.

        Show
        Keith Wall added a comment - No further comments.

          People

          • Assignee:
            Keith Wall
            Reporter:
            Robbie Gemmell
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development