[
https://issues.apache.org/jira/browse/PROTON-771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14242115#comment-14242115
]
ASF subversion and git services commented on PROTON-771:
--------------------------------------------------------
Commit d8e99db54449f22ea2b77c2d9ee4203c9f049e45 in qpid-proton's branch
refs/heads/master from [~astitcher]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=d8e99db ]
PROTON-771: Validate performative against frame type
> AMQP and SASL performatives are not validated against correct frame type
> ------------------------------------------------------------------------
>
> Key: PROTON-771
> URL: https://issues.apache.org/jira/browse/PROTON-771
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Reporter: Andrew Stitcher
> Assignee: Andrew Stitcher
>
> The protocol processing logic for proton does not currently validate that
> amqp and sasl performatives actually have the correct frame type. In fact the
> current code completely ignores the frame type.
> This really only means that it will accept some invalid protocol sequences
> and treat them as valid ones, it doesn't allow any security exploits in
> itself.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
