[jira] [Created] (QPIDJMS-433) MessageListener.onMessage() has unhandled exception vulnerability which causes infinite loop

Fri, 16 Nov 2018 05:27:06 -0800 

Kim van der Riet created QPIDJMS-433:
----------------------------------------

             Summary: MessageListener.onMessage() has unhandled exception 
vulnerability which causes infinite loop
                 Key: QPIDJMS-433
                 URL: https://issues.apache.org/jira/browse/QPIDJMS-433
             Project: Qpid JMS
          Issue Type: Bug
          Components: qpid-jms-client
    Affects Versions: 0.37.0
            Reporter: Kim van der Riet
         Attachments: QpidJmsClientTest.java, pom.xml

When using a MessageListener, any uncaught exceptions will create an infinite 
loop of resending the same message over and over. As the message is never 
acknowledged during the execution of this loop, stopping the client application 
and restarting it results in the infinite loop immediately resuming.

While this is strictly a developer oversight, it is an easy one to make, 
especially for runtime exceptions. For example, using an illegal character 
while getting a message property (eg. "msg-type") will result in an 
IllegalArgumentExceptionexception (rather than in the perhaps expected 
JMSException), and will trigger this behavior if not explicitly handled in the 
client.

This interface should perhaps anticipate this occurrence, and appropriately 
handle the exception (eg it can then close the connection with an error 
message).

Attached is a simple single-class reproducer which illustrates the issue. 
Sending any message to the queue will result in the triggering of this 
condition, eg:

qpid-send -a TestQueue -m1

and results in:

Listening on amqp://localhost:5672...
onMessage(): JmsTextMessage \{ 
org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@a2f68bf }
UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains 
invalid JMS identifier character '-': 'msg-type' 
onMessage(): JmsTextMessage \{ 
org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@4dbc00fa }
UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains 
invalid JMS identifier character '-': 'msg-type' 
onMessage(): JmsTextMessage \{ 
org.apache.qpid.jms.provider.amqp.message.AmqpJmsTextMessageFacade@5e24db1e }
UNHANDLED EXCEPTION: java.lang.IllegalArgumentException: Identifier contains 
invalid JMS identifier character '-': 'msg-type'



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to