[jira] Updated: (QPID-2488) ACL - error handling/bounds checking

Thu, 08 Apr 2010 12:44:02 -0700 

     [ 
https://issues.apache.org/jira/browse/QPID-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rajith Attapattu updated QPID-2488:
-----------------------------------

    Attachment: QPID-2488.patch

Attached a new patch with changes suggested by Alan. 
I modified the map<acl::Property, AclProperty* > to map<acl::Property, 
boost::shared_ptr<AclProperty> > and fixed an indentation issue.

> ACL - error handling/bounds checking
> ------------------------------------
>
>                 Key: QPID-2488
>                 URL: https://issues.apache.org/jira/browse/QPID-2488
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.5, 0.6
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: 0.7
>
>         Attachments: QPID-2488.patch, QPID-2488.test.patch
>
>
> Qpid ACL properties maxqueuesize, maxqueuecount, policytype, ... currently 
> accepts invalid values.
> Only valid ACL rules should be applied, at the moment broker throws an 
> exception at the point when invalid ACL rule is triggered.
> How reproducible:
> Always
> Steps to Reproduce:
> #set ACL rules vith invalid values
> acl allow tes...@qpid all queue maxqueuesize=18446744073709551617
> acl allow tes...@qpid all queue maxqueuesize=-1
> acl allow tes...@qpid all queue policytype=invalid_policy_type
> Actual results:
> ACL rules with invalid rules/values are processed without any error message. 
> qpidd.log:
> 2009-oct-23 07:11:56 debug ACL Processing  1 allow [tes...@qpid] * queue
> maxqueuesize=18446744073709551617
> 2009-oct-23 07:11:56 debug ACL: Adding actions
> {consume,publish,create,access,bind,unbind,delete,purge,update} to objects
> {queue} with props { maxqueuesize=18446744073709551617 } for users
> {tes...@qpid}
> ...
> Expected results:
> ACL rules with invalid property values should not be processed

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]

Reply via email to