(james-project) branch master updated: [FIX] Prevent queue poisoning for spool

Mon, 21 Oct 2024 19:41:02 -0700 

This is an automated email from the ASF dual-hosted git repository.

rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new 05da6d9327 [FIX] Prevent queue poisoning for spool
05da6d9327 is described below

commit 05da6d93275dbe39451851f58badaf5d7a1d0bb5
Author: Benoit TELLIER <btell...@linagora.com>
AuthorDate: Mon Oct 21 17:06:11 2024 +0200

    [FIX] Prevent queue poisoning for spool
    
    Create a bad payload and post it to the spool mail queue directly via rabbit
    
    Then it would trigger an exception, propagated onto rabbitmq driver
    
    The message is then unhandled and unacked
    
    Until the timeout is reach to which point customers dies
    
    unacked message are put back to the queue and delivered again
    
    And message get delivered in loop
---
 .../java/org/apache/james/queue/rabbitmq/Dequeuer.java     | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git 
a/server/queue/queue-rabbitmq/src/main/java/org/apache/james/queue/rabbitmq/Dequeuer.java
 
b/server/queue/queue-rabbitmq/src/main/java/org/apache/james/queue/rabbitmq/Dequeuer.java
index b5eee6ba93..919ce17748 100644
--- 
a/server/queue/queue-rabbitmq/src/main/java/org/apache/james/queue/rabbitmq/Dequeuer.java
+++ 
b/server/queue/queue-rabbitmq/src/main/java/org/apache/james/queue/rabbitmq/Dequeuer.java
@@ -39,7 +39,6 @@ import org.apache.mailet.Mail;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.github.fge.lambdas.Throwing;
 import com.github.fge.lambdas.consumers.ThrowingConsumer;
 
 import reactor.core.publisher.Flux;
@@ -178,11 +177,14 @@ class Dequeuer {
 
     private Mono<MailReferenceDTO> toMailReference(AcknowledgableDelivery 
delivery) {
         return Mono.fromCallable(delivery::getBody)
-            
.map(Throwing.function(mailReferenceSerializer::read).sneakyThrow())
-            .onErrorResume(e -> {
-                LOGGER.error("Fail to deserialize MailReferenceDTO. Discarding 
this message to prevent an infinite loop.", e);
-                delivery.nack(!REQUEUE);
-                return Mono.empty();
+            .handle((bytes, sink) -> {
+                try {
+                    sink.next(mailReferenceSerializer.read(bytes));
+                } catch (Exception e) {
+                    LOGGER.error("Fail to deserialize MailReferenceDTO. 
Discarding this message to prevent an infinite loop.", e);
+                    delivery.nack(!REQUEUE);
+                    sink.complete();
+                }
             });
     }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For additional commands, e-mail: notifications-h...@james.apache.org

Reply via email to