[ https://issues.apache.org/jira/browse/QPID-2413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12835320#action_12835320 ]

Rajith Attapattu commented on QPID-2413:
----------------------------------------

In rev 911509 in Qpid trunk, I added some error handling to catch the lexical 
cast errors and report a proper error message.
As a security measure the ACL request is denied.
This at least prevents the broker killing the connection.

A proper mechanism needs to be put in place to validate ACL rules.

> ACL - error handling/bounds checking
> ------------------------------------
>
>                 Key: QPID-2413
>                 URL: https://issues.apache.org/jira/browse/QPID-2413
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.5, 0.6
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: 0.7
>
>
> The C++ broker accepts illegal values for the following ACL properties: 
> maxqueuesize, maxqueuecount, policytype.
> Only valid ACL rules should be accepted and an exception should be thrown at 
> startup time.
> At the moment the broker throws an exception at the point when the ACL rule 
> with illegal values is triggered.
> Steps to Reproduce:
> #set ACL rules with invalid values
> acl allow tes...@qpid all queue maxqueuesize=18446744073709551617
> acl allow tes...@qpid all queue maxqueuesize=-1
> acl allow tes...@qpid all queue policytype=invalid_policy_type

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]
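
The load-time validation the comment asks for ("a proper mechanism ... to validate ACL rules") could look like the following. This is an added example, not part of the JIRA message and not Qpid's code: the function names are hypothetical, the rule line uses a placeholder principal, and the set of accepted policy type names is an assumption.

```cpp
#include <cerrno>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <limits>
#include <set>
#include <sstream>
#include <string>

// Strict decimal parse into uint64_t; false on sign, whitespace, garbage or overflow.
bool parseUint64(const std::string& text, uint64_t& out) {
    if (text.empty() || text.find_first_not_of("0123456789") != std::string::npos)
        return false;                                   // "-1", "+5", "1e3", ""
    errno = 0;
    unsigned long long v = std::strtoull(text.c_str(), nullptr, 10);
    if (errno == ERANGE || v > std::numeric_limits<uint64_t>::max())
        return false;                                   // 18446744073709551617
    out = static_cast<uint64_t>(v);
    return true;
}

// Returns an empty string if the property value is acceptable, else the reason.
std::string checkProperty(const std::string& name, const std::string& value) {
    // Assumption: the policy type names the broker accepts; not listed on the page.
    static const std::set<std::string> policyTypes =
        {"reject", "flow_to_disk", "ring", "ring_strict"};
    uint64_t n = 0;
    if ((name == "maxqueuesize" || name == "maxqueuecount") && !parseUint64(value, n))
        return name + "='" + value + "' is not an unsigned 64-bit integer";
    if (name == "policytype" && policyTypes.count(value) == 0)
        return "policytype='" + value + "' is not a known policy type";
    return "";
}

// Checks every name=value token of one ACL rule line; returns the first error.
std::string checkRule(const std::string& line) {
    std::istringstream in(line);
    for (std::string tok; in >> tok; ) {
        std::string::size_type eq = tok.find('=');
        if (eq == std::string::npos) continue;          // action, user, object...
        std::string err = checkProperty(tok.substr(0, eq), tok.substr(eq + 1));
        if (!err.empty()) return err;
    }
    return "";
}

int main() {
    // Constructed rule; "user@QPID" is a placeholder principal.
    std::cout << checkRule("acl allow user@QPID all queue maxqueuesize=-1") << "\n";
    return 0;
}
```

Running such a check over every rule when the ACL file is read lets the broker refuse to start on a bad rule, instead of failing when the rule is first triggered.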
