This is an automated email from the ASF dual-hosted git repository. astitcher pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit e3e9df66fd8587bc3d139543037c0e0b70f5217c
Author: Andrew Stitcher <[email protected]>
AuthorDate: Wed Sep 18 15:38:31 2024 -0400
PROTON-2853: Fix potential DoS found by fuzzer
---
 c/src/core/transport.c | 7 ++++++-
 c/tests/fuzz/fuzz-connection-driver/crash/crash-20240918 | Bin 0 -> 435 bytes
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/c/src/core/transport.c b/c/src/core/transport.c
index 04d05bc57..89a50f70b 100644
--- a/c/src/core/transport.c
+++ b/c/src/core/transport.c
@@ -1397,6 +1397,9 @@ int pn_do_transfer(pn_transport_t *transport, uint8_t frame_type, uint16_t chann
 pn_delivery_map_t *incoming = &ssn->state.incoming;
 if (!ssn->state.incoming_init) {
+ if (!id_present) {
+ return pn_do_error(transport, "amqp:invalid-field", "delivery-id required on initial transfer of session");
+ }
 incoming->next = id;
 ssn->state.incoming_init = true;
 ssn->incoming_deliveries++;
@@ -1423,9 +1426,11 @@ int pn_do_transfer(pn_transport_t *transport, uint8_t frame_type, uint16_t chann
 pn_buffer_append(delivery->bytes, payload.start, payload.size);
 if (more) {
 if (!link->more_pending) {
+ if (!id_present) {
+ return pn_do_error(transport, "amqp:invalid-field", "delivery-id required for transfer");
+ }
 // First frame of a multi-frame transfer. Remember at link level.
 link->more_pending = true;
- assert(id_present); // Id MUST be set on first frame, and already checked above.
 link->more_id = id;
 }
 delivery->done = false;
diff --git a/c/tests/fuzz/fuzz-connection-driver/crash/crash-20240918 b/c/tests/fuzz/fuzz-connection-driver/crash/crash-20240918
new file mode 100644
index 000000000..4425c1722
Binary files /dev/null and b/c/tests/fuzz/fuzz-connection-driver/crash/crash-20240918 differ
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
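Review bot: The new `!id_present` guard in the `!ssn->state.incoming_init` branch carries no comment explaining why a missing id is fatal at this point, and the comment deleted in the second hunk ("already checked above") shows how such an assumption goes stale unnoticed. I would add `// delivery-id is optional in the frame; the first transfer on a session must carry it because it seeds incoming->next.` directly above the check. The error descriptions in the two hunks differ ("... on initial transfer of session" vs "... for transfer"), which helps triage, so keep them distinct on purpose. pn_do_transfer starts and ends outside the hunk.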
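Review bot: In the second hunk the added `!id_present` check sits after `pn_buffer_append(delivery->bytes, payload.start, payload.size)`, so a frame that is about to be rejected has already had its peer-supplied payload copied into the delivery, and the append's return value is not checked on the visible line. Provided nothing between the two points changes `link->more_pending`, the test can be hoisted above the append as `if (more && !link->more_pending && !id_present) return pn_do_error(transport, "amqp:invalid-field", "delivery-id required for transfer");` so that validation precedes any buffering. Replacing `assert(id_present)` with a runtime error is the right direction, since an assert aborts the process in debug builds and vanishes under NDEBUG, which would leave `link->more_id = id` running on an id the peer never sent. The function body continues outside the hunk.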
