Robbie Gemmell created QPID-6193:
------------------------------------

             Summary: [Java broker] AMQP 1.0 Open frames with channel-max above the signed short range leads to failure
                 Key: QPID-6193
                 URL: https://issues.apache.org/jira/browse/QPID-6193
             Project: Qpid
          Issue Type: Bug
          Components: Java Broker
    Affects Versions: 0.30
            Reporter: Robbie Gemmell


The broker defaults channel-max to 255 or whatever has been configured.

When processing the Open frame sent by the peer, the broker attempts to use the 
sent channel-max value if it is lower than the configured default.
{noformat}
    public synchronized void receiveOpen(short channel, Open open)
    {

        _channelMax = open.getChannelMax() == null ? _channelMax
                : open.getChannelMax().shortValue() < _channelMax
                        ? open.getChannelMax().shortValue()
                        : _channelMax;

        if (_receivingSessions == null)
        {
            _receivingSessions = new SessionEndpoint[_channelMax + 1];
            _sendingSessions = new SessionEndpoint[_channelMax + 1];
        }
{noformat}

The logic doesn't handle channel-max being an unsigned short, meaning its use of 
getChannelMax().shortValue() may yield negative values for those outwith the 
signed range upper limit. 

For example, if the peer sends 65535 (possibly by default due to setting a 
later field in its Open frame) this will yield -1, which then has 1 added to it 
to create a 0-length array, leading to ArrayIndexOutOfBoundsException when the 
first Begin frame arrives. The following is output to stdout when this occurs:

{noformat}
[Broker] BRK-1004 : Qpid Broker Ready
00 53 11 c0 0b 05 40 52 01 43 43 70 00 00 04 00 
java.lang.ArrayIndexOutOfBoundsException: 0
        at org.apache.qpid.amqp_1_0.transport.ConnectionEndpoint.receiveBegin(ConnectionEndpoint.java:569)
        at org.apache.qpid.amqp_1_0.type.transport.Begin.invoke(Begin.java:226)
        at org.apache.qpid.amqp_1_0.transport.ConnectionEndpoint.receive(ConnectionEndpoint.java:802)
        at org.apache.qpid.amqp_1_0.framing.FrameHandler.parse(FrameHandler.java:241)
        at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL$4.run(ProtocolEngine_1_0_0_SASL.java:384)
        at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL$4.run(ProtocolEngine_1_0_0_SASL.java:380)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL.received(ProtocolEngine_1_0_0_SASL.java:379)
        at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL.received(ProtocolEngine_1_0_0_SASL.java:66)
        at org.apache.qpid.server.protocol.MultiVersionProtocolEngine.received(MultiVersionProtocolEngine.java:153)
        at org.apache.qpid.server.protocol.MultiVersionProtocolEngine.received(MultiVersionProtocolEngine.java:51)
        at org.apache.qpid.transport.network.io.IoReceiver.run(IoReceiver.java:161)
        at java.lang.Thread.run(Thread.java:745)
        at java.lang.Thread.run(Thread.java:745)
{noformat}
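
The narrowing described above, as an added example that is not part of the original report and is not Qpid code: it runs the reported comparison next to one way of comparing in the unsigned range, and goes beyond the single 65535 case by covering the values either side of the signed short limit. The class name, method names and the use of a plain Integer for the peer's value are assumptions made for illustration.

```java
// Added illustration, not Qpid code. All names here are hypothetical.
public class ChannelMaxNegotiation {

    // Mirrors the reported logic: the peer's unsigned 16-bit channel-max is
    // narrowed to a signed short before it is compared with the local limit.
    static short negotiateAsReported(Integer peerChannelMax, short localMax) {
        return peerChannelMax == null ? localMax
                : peerChannelMax.shortValue() < localMax
                        ? peerChannelMax.shortValue()
                        : localMax;
    }

    // One way to avoid the problem: compare as int, so every value in
    // 0..65535 stays non-negative and the smaller of the two limits wins.
    static int negotiateUnsigned(Integer peerChannelMax, int localMax) {
        if (peerChannelMax == null) {
            return localMax; // field absent from the Open frame
        }
        int peer = peerChannelMax & 0xFFFF; // keep only the 16 wire bits
        return Math.min(peer, localMax);
    }

    public static void main(String[] args) {
        short localMax = 255; // broker default stated in the report
        int[] peerValues = {0, 255, 32767, 32768, 65535}; // constructed inputs
        for (int peer : peerValues) {
            short reported = negotiateAsReported(peer, localMax);
            int unsigned = negotiateUnsigned(peer, localMax);
            // The session arrays are sized channelMax + 1. A size of 0 fails
            // on the first Begin frame; a negative size would already fail at
            // allocation with NegativeArraySizeException.
            System.out.printf("peer=%5d  reported: channelMax=%6d size=%6d  "
                            + "unsigned: channelMax=%3d size=%3d%n",
                    peer, reported, reported + 1, unsigned, unsigned + 1);
        }
    }
}
```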


