/[Apache-SVN]
ViewVC logotype

Revision 1453031


Jump to revision: Previous Next
Author: astitcher
Date: Tue Mar 5 21:57:48 2013 UTC (12 years, 1 month ago)
Changed paths: 4
Log Message:
QPID-4629 Improve validation of received frames.
- Added checks to Buffer to ensure no buffer overruns occur;
- Fixed an unsigned comparison error in the checking function.
- Improved FieldValue decoding to check we've actually got data
  before allocating the space for it.
- Disallowed large arrays (greater than 256 elements) of zero length
  elements - avoids potential memory exhaustion problems.
[Fixes from Florian Weimer, Red Hat Product Security Team, lightly
modified]
This change fixes these vulnerabilities
CVE-2012-4458
CVE-2012-4459
CVE-2012-4460

Changed paths

Path Details
Directoryqpid/trunk/qpid/cpp/include/qpid/framing/Buffer.h modified , text changed
Directoryqpid/trunk/qpid/cpp/include/qpid/framing/FieldValue.h modified , text changed
Directoryqpid/trunk/qpid/cpp/src/qpid/framing/Array.cpp modified , text changed
Directoryqpid/trunk/qpid/cpp/src/qpid/framing/Buffer.cpp modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26