Chuck Rolke created PROTON-1173:
-----------------------------------

Summary: Proton C core dump in face of channel-max protocol violation
Key: PROTON-1173
URL: https://issues.apache.org/jira/browse/PROTON-1173
Project: Qpid Proton
Issue Type: Bug
Components: proton-c
Affects Versions: 0.11.1
Reporter: Chuck Rolke

A rogue client creates a session on a channel higher than the channel-max exchanged at connection open.

{noformat}
Mon Apr 11 10:34:27 2016 SERVER (trace) [1]:pn_session: too many sessions: 1 channel_max is 0 (/home/chug/git/qpid-dispatch/src/server.c:116)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff793b84a in pn_do_begin (transport=0x6a4bd0, frame_type=0 '\000', channel=1, args=0x7c1f60, payload=0x7fffffffd2c0) at /home/chug/git/qpid-proton/proton-c/src/transport/transport.c:1205
1205        ssn->state.incoming_transfer_count = next;
Missing separate debuginfos, use: debuginfo-install nss-mdns-0.10-15.fc21.x86_64
(gdb)
(gdb) list
1200        // XXX: what if session is NULL?
1201        ssn = (pn_session_t *) pn_hash_get(transport->local_channels, remote_channel);
1202      } else {
1203        ssn = pn_session(transport->connection);
1204      }
1205      ssn->state.incoming_transfer_count = next;
1206      pni_map_remote_channel(ssn, channel);
1207      PN_SET_REMOTE(ssn->endpoint.state, PN_REMOTE_ACTIVE);
1208      pn_collector_put(transport->connection->collector, PN_OBJECT, ssn, PN_SESSION_REMOTE_OPEN);
1209      return 0;
(gdb) p ssn
$1 = (pn_session_t *) 0x0
(gdb)
{noformat}

Session is null and SEGV is what happens.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
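
The failure mode in this report, as an added example that is not part of the original message and is not Proton's code or its fix: a begin handler that rejects a channel above channel-max and checks the allocator's NULL return before writing to the session. All names here (toy_transport, toy_session, toy_session_new, toy_do_begin, the BEGIN_* codes) are hypothetical, and the input in main() is constructed to match the trace (channel 1, channel_max 0).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model for illustration; not Proton's types or API. */
enum { BEGIN_OK = 0, BEGIN_ERR_CHANNEL = -1, BEGIN_ERR_NO_SESSION = -2 };

typedef struct { uint32_t incoming_transfer_count; uint16_t remote_channel; } toy_session;

typedef struct {
    uint16_t channel_max;    /* highest channel number agreed at connection open */
    size_t   session_count;  /* sessions currently allocated */
} toy_transport;

/* Like the allocator in the trace, returns NULL once the session limit is hit. */
static toy_session *toy_session_new(toy_transport *t)
{
    if (t->session_count > t->channel_max) return NULL;
    toy_session *s = calloc(1, sizeof *s);
    if (s) t->session_count++;
    return s;
}

/* Begin handler that validates peer input before touching the session. */
static int toy_do_begin(toy_transport *t, uint16_t channel, uint32_t next, toy_session **out)
{
    *out = NULL;
    if (channel > t->channel_max)   /* peer violated the negotiated channel-max */
        return BEGIN_ERR_CHANNEL;   /* caller should close the connection with an error */
    toy_session *s = toy_session_new(t);
    if (s == NULL)                  /* allocator refused: report, never dereference */
        return BEGIN_ERR_NO_SESSION;
    s->incoming_transfer_count = next;
    s->remote_channel = channel;
    *out = s;
    return BEGIN_OK;
}

int main(void)
{
    toy_transport t = { .channel_max = 0, .session_count = 0 };
    toy_session *s;
    int rc = toy_do_begin(&t, 1, 0, &s);  /* constructed: channel 1 > channel_max 0 */
    printf("begin on channel 1 -> %d\n", rc);
    return rc == BEGIN_ERR_CHANNEL ? 0 : 1;
}
```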