Qpid / QPID-4021

Badly behaved clients can still clog up the broker

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.17
    • Fix Version/s: 0.23
    • Component/s: C++ Broker
    • Labels:
      None

      Description

      The recent code that times out new connections that have not negotiated the protocol within (a default) 2 seconds still leaves a gap where badly behaved applications can tie up the broker.

      The timeout should really last until either heartbeats are activated, in which case they will take over the role of timing out idle connections, or until the connection is authenticated, in which case the policy on admitting users should take care of limiting the connections.
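The timeout rule proposed in the description above, sketched as an added example that is not part of the issue and is not Qpid's code. The class, its method names and the "two missed heartbeat intervals" idle rule are assumptions made for illustration; times are passed in explicitly so the logic can be checked without real sockets.

```cpp
#include <chrono>

using Ms = std::chrono::milliseconds;

// Hypothetical model of one accepted connection; the names are not Qpid's.
// All times are milliseconds since the broker accepted the socket.
class ConnectionWatch {
public:
    enum class Stage { Accepted, ProtocolNegotiated, Opened };

    explicit ConnectionWatch(Ms handshakeLimit) : limit_(handshakeLimit) {}

    // Protocol header agreed. The handshake deadline stays armed here;
    // cancelling it at this point is the gap the issue describes.
    void onProtocolNegotiated() { stage_ = Stage::ProtocolNegotiated; }

    // Authentication finished and heartbeat interval agreed (0 = disabled).
    void onOpened(Ms now, Ms heartbeat) {
        stage_ = Stage::Opened;
        heartbeat_ = heartbeat;
        lastTraffic_ = now;
    }

    void onTraffic(Ms now) { lastTraffic_ = now; }

    // Polled from a periodic timer; true means drop the connection.
    bool shouldClose(Ms now) const {
        if (stage_ != Stage::Opened)
            return now >= limit_;                 // unauthenticated: hard deadline
        if (heartbeat_ > Ms::zero())              // heartbeats take over idle checks
            return now - lastTraffic_ >= 2 * heartbeat_;  // assumed: two missed intervals
        return false;  // authenticated, no heartbeat: admission policy limits users
    }

    Stage stage() const { return stage_; }

private:
    Ms limit_;
    Ms heartbeat_{0};
    Ms lastTraffic_{0};
    Stage stage_ = Stage::Accepted;
};

int main() {
    ConnectionWatch c(Ms(2000));   // constructed scenario: 2 s handshake limit
    c.onProtocolNegotiated();      // client negotiates, then goes silent
    return c.shouldClose(Ms(2000)) ? 0 : 1;
}
```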

          Activity

          justi9 Justin Ross added a comment -

          Released in Qpid 0.24, http://qpid.apache.org/releases/qpid-0.24/index.html

          astitcher Andrew Stitcher added a comment -

          With the fix for QPID-4854 the trunk code (for 0.23) now will time out the initial protocol negotiation until the connection is fully authenticated and heartbeats (if set) are negotiated.

          astitcher Andrew Stitcher added a comment -

          This is CVE-2012-2145

            People

            • Assignee:
              Unassigned
              Reporter:
              astitcher Andrew Stitcher