[
https://issues.apache.org/jira/browse/PROTON-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated PROTON-1915:
-------------------------------
Description:
The message codec (message format 0) of Proton-J is prepared to send
{{message-id}} (and {{correlation-id}}) values with types other than those
permitted by sections 3.2.1.1 through 3.2.14 of the AMQP 1.0 specification
(the permitted message-id types are ulong, uuid, binary and string).
This means the library allows the caller to send illegally encoded AMQP 1.0
annotated messages.
Here's a trace from the Proton-J example
{{org.apache.qpid.proton.example.reactor.Send}} modified to set a message id
{{message.setMessageId(256);}} on the transmitted message.
The {{q\x00\x00\x01\x00}} corresponds to the message id, with q (0x71) being
the type code of the primitive type {{int}} and the four bytes that follow it
encoding the value 256.
{noformat}
[250421012:0] -> Open{ containerId='', hostname='localhost',
maxFrameSize=4294967295, channelMax=65535, idleTimeOut=null,
outgoingLocales=null, incomingLocales=null, offeredCapabilities=null,
desiredCapabilities=null, properties=null}
[250421012:0] -> Begin{remoteChannel=null, nextOutgoingId=1,
incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=65535,
offeredCapabilities=null, desiredCapabilities=null, properties=null}
[250421012:0] -> Attach{name='sender', handle=0, role=SENDER,
sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='mysource',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null},
target=Target{address='queue', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=null},
unsettled=null, incompleteUnsettled=false, initialDeliveryCount=0,
maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null,
properties=null}
[250421012:0] <- Open{ containerId='14dd72ea-f2c1-44d6-bd04-8d5cb3fea97d',
hostname='null', maxFrameSize=262144, channelMax=255, idleTimeOut=0,
outgoingLocales=null, incomingLocales=null,
offeredCapabilities=[ANONYMOUS-RELAY, SHARED-SUBS,
sole-connection-for-container], desiredCapabilities=null,
properties={product=unknown, version=7.1.0-SNAPSHOT, qpid.build=unknown,
qpid.instance_name=Broker, qpid.virtualhost_properties_supported=true}}
[250421012:0] <- Begin{remoteChannel=0, nextOutgoingId=0, incomingWindow=8192,
outgoingWindow=2048, handleMax=4294967295, offeredCapabilities=null,
desiredCapabilities=null, properties=null}
[250421012:0] <- Attach{name='sender', handle=0, role=RECEIVER,
sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='mysource',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null},
target=Target{address='queue', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null,
capabilities=[REJECT_UNROUTABLE, DELAYED_DELIVERY]}, unsettled={},
incompleteUnsettled=false, initialDeliveryCount=null,
maxMessageSize=1000000000, offeredCapabilities=[REJECT_UNROUTABLE,
DELAYED_DELIVERY], desiredCapabilities=null, properties={}}
[250421012:0] <- Flow{nextIncomingId=1, incomingWindow=8192, nextOutgoingId=0,
outgoingWindow=2048, handle=0, deliveryCount=0, linkCredit=20000,
available=null, drain=false, echo=false, properties=null}
[250421012:0] -> Transfer{handle=0, deliveryId=0, deliveryTag=0,
messageFormat=0, settled=true, more=false, rcvSettleMode=null, state=null,
resume=false, aborted=false, batchable=false} (34)
"\x00Ss\xd0\x00\x00\x00\x09\x00\x00\x00\x01q\x00\x00\x01\x00\x00Sw\xa1\x0cHello
World!"
[250421012:0] -> Detach{handle=0, closed=true, error=null}
[250421012:0] -> End{error=null}
[250421012:0] -> Close{error=null}
[250421012:0] <- Detach{handle=0, closed=true, error=null}
[250421012:0] <- End{error=null}
[250421012:0] <- Close{error=null}
{noformat}
was:
The message codec (message format 0) codec of Proton-J is prepared to send
{{message-id}} (and {{correlation-id}}) values with types other than those
permitted by sections 3.2.1.1 through 3.2.14 of the AMQP 1.0 specification.
This means the library allows the caller to sent illegally encoded AMQP 1.0
annotated messages.
Here's a trace from the Proton-J example
{{org.apache.qpid.proton.example.reactor.Send}} modified to set a message id
{{message.setMessageId(256);}} on the transmitted message.
The {{q\x00\x00\x01\x00}} corresponds to the message id, with q (0x71) being
the type code of the primate type {{int}}.
{noformat}
[250421012:0] -> Open{ containerId='', hostname='localhost',
maxFrameSize=4294967295, channelMax=65535, idleTimeOut=null,
outgoingLocales=null, incomingLocales=null, offeredCapabilities=null,
desiredCapabilities=null, properties=null}
[250421012:0] -> Begin{remoteChannel=null, nextOutgoingId=1,
incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=65535,
offeredCapabilities=null, desiredCapabilities=null, properties=null}
[250421012:0] -> Attach{name='sender', handle=0, role=SENDER,
sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='mysource',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null},
target=Target{address='queue', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=null},
unsettled=null, incompleteUnsettled=false, initialDeliveryCount=0,
maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null,
properties=null}
[250421012:0] <- Open{ containerId='14dd72ea-f2c1-44d6-bd04-8d5cb3fea97d',
hostname='null', maxFrameSize=262144, channelMax=255, idleTimeOut=0,
outgoingLocales=null, incomingLocales=null,
offeredCapabilities=[ANONYMOUS-RELAY, SHARED-SUBS,
sole-connection-for-container], desiredCapabilities=null,
properties={product=unknown, version=7.1.0-SNAPSHOT, qpid.build=unknown,
qpid.instance_name=Broker, qpid.virtualhost_properties_supported=true}}
[250421012:0] <- Begin{remoteChannel=0, nextOutgoingId=0, incomingWindow=8192,
outgoingWindow=2048, handleMax=4294967295, offeredCapabilities=null,
desiredCapabilities=null, properties=null}
[250421012:0] <- Attach{name='sender', handle=0, role=RECEIVER,
sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='mysource',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null},
target=Target{address='queue', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null,
capabilities=[REJECT_UNROUTABLE, DELAYED_DELIVERY]}, unsettled={},
incompleteUnsettled=false, initialDeliveryCount=null,
maxMessageSize=1000000000, offeredCapabilities=[REJECT_UNROUTABLE,
DELAYED_DELIVERY], desiredCapabilities=null, properties={}}
[250421012:0] <- Flow{nextIncomingId=1, incomingWindow=8192, nextOutgoingId=0,
outgoingWindow=2048, handle=0, deliveryCount=0, linkCredit=20000,
available=null, drain=false, echo=false, properties=null}
[250421012:0] -> Transfer{handle=0, deliveryId=0, deliveryTag=0,
messageFormat=0, settled=true, more=false, rcvSettleMode=null, state=null,
resume=false, aborted=false, batchable=false} (34)
"\x00Ss\xd0\x00\x00\x00\x09\x00\x00\x00\x01q\x00\x00\x01\x00\x00Sw\xa1\x0cHello
World!"
[250421012:0] -> Detach{handle=0, closed=true, error=null}
[250421012:0] -> End{error=null}
[250421012:0] -> Close{error=null}
[250421012:0] <- Detach{handle=0, closed=true, error=null}
[250421012:0] <- End{error=null}
[250421012:0] <- Close{error=null}
{noformat}
> [Proton-J] Message codec encodes messageId values with types other than those
> permitted
> ---------------------------------------------------------------------------------------
>
> Key: PROTON-1915
> URL: https://issues.apache.org/jira/browse/PROTON-1915
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-j
> Reporter: Keith Wall
> Priority: Major
>
> The message codec (message format 0) of Proton-J is prepared to send
> {{message-id}} (and {{correlation-id}}) values with types other than those
> permitted by sections 3.2.1.1 through 3.2.14 of the AMQP 1.0 specification
> (the permitted message-id types are ulong, uuid, binary and string).
> This means the library allows the caller to send illegally encoded AMQP 1.0
> annotated messages.
> Here's a trace from the Proton-J example
> {{org.apache.qpid.proton.example.reactor.Send}} modified to set a message id
> {{message.setMessageId(256);}} on the transmitted message.
> The {{q\x00\x00\x01\x00}} corresponds to the message id, with q (0x71) being
> the type code of the primitive type {{int}} and the four bytes that follow it
> encoding the value 256.
> {noformat}
> [250421012:0] -> Open{ containerId='', hostname='localhost',
> maxFrameSize=4294967295, channelMax=65535, idleTimeOut=null,
> outgoingLocales=null, incomingLocales=null, offeredCapabilities=null,
> desiredCapabilities=null, properties=null}
> [250421012:0] -> Begin{remoteChannel=null, nextOutgoingId=1,
> incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=65535,
> offeredCapabilities=null, desiredCapabilities=null, properties=null}
> [250421012:0] -> Attach{name='sender', handle=0, role=SENDER,
> sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='mysource',
> durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
> dynamicNodeProperties=null, distributionMode=null, filter=null,
> defaultOutcome=null, outcomes=null, capabilities=null},
> target=Target{address='queue', durable=NONE, expiryPolicy=SESSION_END,
> timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=null},
> unsettled=null, incompleteUnsettled=false, initialDeliveryCount=0,
> maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null,
> properties=null}
> [250421012:0] <- Open{ containerId='14dd72ea-f2c1-44d6-bd04-8d5cb3fea97d',
> hostname='null', maxFrameSize=262144, channelMax=255, idleTimeOut=0,
> outgoingLocales=null, incomingLocales=null,
> offeredCapabilities=[ANONYMOUS-RELAY, SHARED-SUBS,
> sole-connection-for-container], desiredCapabilities=null,
> properties={product=unknown, version=7.1.0-SNAPSHOT, qpid.build=unknown,
> qpid.instance_name=Broker, qpid.virtualhost_properties_supported=true}}
> [250421012:0] <- Begin{remoteChannel=0, nextOutgoingId=0,
> incomingWindow=8192, outgoingWindow=2048, handleMax=4294967295,
> offeredCapabilities=null, desiredCapabilities=null, properties=null}
> [250421012:0] <- Attach{name='sender', handle=0, role=RECEIVER,
> sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='mysource',
> durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
> dynamicNodeProperties=null, distributionMode=null, filter=null,
> defaultOutcome=null, outcomes=null, capabilities=null},
> target=Target{address='queue', durable=NONE, expiryPolicy=SESSION_END,
> timeout=0, dynamic=false, dynamicNodeProperties=null,
> capabilities=[REJECT_UNROUTABLE, DELAYED_DELIVERY]}, unsettled={},
> incompleteUnsettled=false, initialDeliveryCount=null,
> maxMessageSize=1000000000, offeredCapabilities=[REJECT_UNROUTABLE,
> DELAYED_DELIVERY], desiredCapabilities=null, properties={}}
> [250421012:0] <- Flow{nextIncomingId=1, incomingWindow=8192,
> nextOutgoingId=0, outgoingWindow=2048, handle=0, deliveryCount=0,
> linkCredit=20000, available=null, drain=false, echo=false, properties=null}
> [250421012:0] -> Transfer{handle=0, deliveryId=0, deliveryTag=0,
> messageFormat=0, settled=true, more=false, rcvSettleMode=null, state=null,
> resume=false, aborted=false, batchable=false} (34)
> "\x00Ss\xd0\x00\x00\x00\x09\x00\x00\x00\x01q\x00\x00\x01\x00\x00Sw\xa1\x0cHello
> World!"
> [250421012:0] -> Detach{handle=0, closed=true, error=null}
> [250421012:0] -> End{error=null}
> [250421012:0] -> Close{error=null}
> [250421012:0] <- Detach{handle=0, closed=true, error=null}
> [250421012:0] <- End{error=null}
> [250421012:0] <- Close{error=null}
> {noformat}