[ 
https://issues.apache.org/jira/browse/QPID-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rajith Attapattu updated QPID-2488:
-----------------------------------

    Attachment: QPID-2488.patch

The attached patch adds a very basic validation model.
It basically iterates through the ACL model and verifies 3 properties (namely 
queue-policy, max-queue-count and size).
However, it's generic enough to add validation for any property.

There is room for improvement. You could validate object and action 
combinations and also check if properties are valid for a given object.
These are nice-to-have items, and will be tackled in the future.

> ACL - error handling/bounds checking
> ------------------------------------
>
>                 Key: QPID-2488
>                 URL: https://issues.apache.org/jira/browse/QPID-2488
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.5, 0.6
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: 0.7
>
>         Attachments: QPID-2488.patch
>
>
> Qpid ACL properties maxqueuesize, maxqueuecount, policytype, ... currently 
> accept invalid values.
> Only valid ACL rules should be applied; at the moment the broker throws an 
> exception at the point when an invalid ACL rule is triggered.
> How reproducible:
> Always
> Steps to Reproduce:
> #set ACL rules with invalid values
> acl allow tes...@qpid all queue maxqueuesize=18446744073709551617
> acl allow tes...@qpid all queue maxqueuesize=-1
> acl allow tes...@qpid all queue policytype=invalid_policy_type
> Actual results:
> ACL rules with invalid rules/values are processed without any error message. 
> qpidd.log:
> 2009-oct-23 07:11:56 debug ACL Processing  1 allow [tes...@qpid] * queue
> maxqueuesize=18446744073709551617
> 2009-oct-23 07:11:56 debug ACL: Adding actions
> {consume,publish,create,access,bind,unbind,delete,purge,update} to objects
> {queue} with props { maxqueuesize=18446744073709551617 } for users
> {tes...@qpid}
> ...
> Expected results:
> ACL rules with invalid property values should not be processed

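The load-time check this issue asks for can be sketched as follows. This is an added example, not code from QPID-2488.patch or the Qpid source tree: the function names are hypothetical, and the accepted range (unsigned 64-bit) and the list of policy names are assumptions. Only the property names and the three rejected sample values come from the report above.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <vector>

// Property names are from the issue; ranges and policy names are assumptions.
// Strict decimal parse: rejects signs, non-digits and overflow. (strtoull
// would accept "-1" and wrap it to 2^64-1.)
bool parseUint64(const std::string& s, uint64_t& out) {
    if (s.empty()) return false;
    uint64_t v = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return false;
        uint64_t d = static_cast<uint64_t>(c - '0');
        if (v > (UINT64_MAX - d) / 10) return false;  // v*10 + d would overflow
        v = v * 10 + d;
    }
    out = v;
    return true;
}

// Check one property of an ACL rule at load time; fills `error` on rejection.
bool validateAclProperty(const std::string& name, const std::string& value,
                         std::string& error) {
    static const std::set<std::string> policies =
        {"reject", "flow_to_disk", "ring", "ring_strict"};  // assumed list
    uint64_t n = 0;
    if ((name == "maxqueuesize" || name == "maxqueuecount") &&
        !parseUint64(value, n)) {
        error = name + "=" + value + " is not an unsigned 64-bit integer";
        return false;
    }
    if (name == "policytype" && policies.count(value) == 0) {
        error = "policytype=" + value + " is not a known queue policy";
        return false;
    }
    return true;  // other properties pass through unvalidated here
}

// Reject the whole rule if any "name=value" token is malformed or invalid.
bool validateRule(const std::vector<std::string>& props, std::string& error) {
    for (const std::string& p : props) {
        std::string::size_type eq = p.find('=');
        if (eq == std::string::npos || eq == 0) {
            error = "malformed property '" + p + "'";
            return false;
        }
        if (!validateAclProperty(p.substr(0, eq), p.substr(eq + 1), error))
            return false;
    }
    return true;
}
```

Rejecting the rule when the ACL file is parsed means a bad value is reported at startup instead of raising an exception when the rule is first triggered.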