Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-3444

the Java broker does not reject 0-10 exchange delete/bind/unbind commands which use empty strings for the exchange name

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 0.12
    • Fix Version/s: 0.13
    • Component/s: Broker-J
    • Labels:
      None

      Description

      The Java broker [sometimes] verifies that the 0-10 exchange delete/bind/unbind commands have an exchange value set however it does not reject those which have an empty string defined, which is interpreted as the default exchange. It should issue an INVALID_ARGUMENT exception if the exchange name is null or empty for these commands.

        Activity

        Hide
        k-wall Keith Wall added a comment -

        No further comments.

        Show
        k-wall Keith Wall added a comment - No further comments.
        Hide
        gemmellr Robbie Gemmell added a comment -

        Correct, but I dont think that strictly relates to this issue, and instead our somewhat shoddy implementation of the default exchange. That problem arises due to the default exchange actually having a name when it isnt meant to (thus the changes in this JIRA to protect it as nameless), which I think should be bundled into QPID-3490 (which didnt actually mention that, although it is something I was looking to include there - updated accordingly).

        Show
        gemmellr Robbie Gemmell added a comment - Correct, but I dont think that strictly relates to this issue, and instead our somewhat shoddy implementation of the default exchange. That problem arises due to the default exchange actually having a name when it isnt meant to (thus the changes in this JIRA to protect it as nameless), which I think should be bundled into QPID-3490 (which didnt actually mention that, although it is something I was looking to include there - updated accordingly).
        Hide
        k-wall Keith Wall added a comment -

        Hi Robbie

        Can't a client subvert the check by passing the default exchange name "<<default>>"? I just tried this test from JMX (AMQBrokerManagerMBean#unregisterExchange()) and found I could successfully remove the default exchange from a vhost. I think nameNullOrEmpty should be generalised from this case too.

        cheers Keith.

        Show
        k-wall Keith Wall added a comment - Hi Robbie Can't a client subvert the check by passing the default exchange name "<<default>>"? I just tried this test from JMX (AMQBrokerManagerMBean#unregisterExchange()) and found I could successfully remove the default exchange from a vhost. I think nameNullOrEmpty should be generalised from this case too. cheers Keith.
        Hide
        gemmellr Robbie Gemmell added a comment -

        Hi Keith, can you review these changes please? Thanks, Robbie.

        Show
        gemmellr Robbie Gemmell added a comment - Hi Keith, can you review these changes please? Thanks, Robbie.

          People

          • Assignee:
            k-wall Keith Wall
            Reporter:
            gemmellr Robbie Gemmell
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development