[ https://issues.apache.org/jira/browse/PROTON-976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14661775#comment-14661775 ]

ASF subversion and git services commented on PROTON-976:
--------------------------------------------------------

Commit 8e0edcc40a60ca416b4f4a8f8bdbc98ba18f92aa in qpid-proton's branch refs/heads/0.10.x from [~kgiusti]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=8e0edcc ]

PROTON-976: verify frame header before parsing

Proton-J fixes authored by Robert Gemmell <rob...@apache.org>

(cherry picked from commit be4e0f0bef30624817afa8cb4a25f5402a5046fe)

> pn_read_frame does not validate frame offset
> --------------------------------------------
>
>                 Key: PROTON-976
>                 URL: https://issues.apache.org/jira/browse/PROTON-976
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.10
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>            Priority: Blocker
>             Fix For: 0.10
>
>
> pn_read_frame in framing.c does not validate the doff with respect to the
> frame size. If doff is corrupt proton will still attempt to parse the frame.
> This can result in a crash.
> I consider this a blocker as an attacker can craft a bad frame that results
> in crashing the receiver.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
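
The check the issue describes as missing, written out as an added example (this is not Proton's framing.c and not the committed fix): a stand-alone AMQP 1.0 frame-header reader that validates the size and doff fields against each other before either is used as an offset. The function name, the struct, the `max_frame` parameter and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define FRAME_HDR 8u  /* AMQP 1.0 fixed header: size(4) doff(1) type(1) channel(2) */
typedef struct {
    size_t         size;          /* whole frame, header included */
    uint8_t        type;
    uint16_t       channel;
    const uint8_t *payload;       /* frame body: bytes [doff*4, size) */
    size_t         payload_size;
} frame_view;

/* Hypothetical helper, not Proton's pn_read_frame.
 * Returns 1 = frame parsed, 0 = need more bytes, -1 = malformed header. */
int read_frame_checked(const uint8_t *buf, size_t avail, uint32_t max_frame,
                       frame_view *out)
{
    if (avail < FRAME_HDR) return 0;
    uint32_t size = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                    ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    size_t body_off = (size_t)buf[4] * 4;   /* doff counts 4-byte words */

    /* Reject bad headers before any field is used as an offset or length. */
    if (size < FRAME_HDR) return -1;               /* shorter than its own header */
    if (max_frame && size > max_frame) return -1;  /* above the caller's limit */
    if (body_off < FRAME_HDR) return -1;           /* doff < 2: body inside header */
    if (body_off > size) return -1;                /* doff past the end of frame */
    if (avail < size) return 0;                    /* valid header, body incomplete */
    out->size = size;
    out->type = buf[5];
    out->channel = (uint16_t)((buf[6] << 8) | buf[7]);
    out->payload = buf + body_off;
    out->payload_size = size - body_off;           /* safe: body_off <= size */
    return 1;
}

/* Constructed sample frames (not captured traffic). */
const uint8_t GOOD_FRAME[] = {0,0,0,12, 2, 0, 0,1, 0xde,0xad,0xbe,0xef};
const uint8_t BAD_DOFF[]   = {0,0,0,12, 0xff, 0, 0,1, 0xde,0xad,0xbe,0xef};
const uint8_t LOW_DOFF[]   = {0,0,0,12, 1, 0, 0,1, 0xde,0xad,0xbe,0xef};

int main(void)
{
    frame_view f;
    int ok = read_frame_checked(GOOD_FRAME, sizeof GOOD_FRAME, 512, &f) == 1
          && read_frame_checked(BAD_DOFF, sizeof BAD_DOFF, 512, &f) == -1
          && read_frame_checked(LOW_DOFF, sizeof LOW_DOFF, 512, &f) == -1;
    return ok ? 0 : 1;
}
```

Without the `body_off > size` check, `size - body_off` wraps to a huge unsigned length and `buf + body_off` points outside the frame, which is the kind of parse-time crash the report describes.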