[ https://issues.apache.org/jira/browse/CASSANDRA-13455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Stupp updated CASSANDRA-13455:
-------------------------------------
       Resolution: Not A Problem
    Fix Version/s:     (was: 3.10)
           Status: Resolved  (was: Patch Available)

> lose check of null strings in decoding client token
> ---------------------------------------------------
>
>                 Key: CASSANDRA-13455
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13455
>             Project: Cassandra
>          Issue Type: Bug
>         Environment: CentOS7.2
> Java 1.8
>            Reporter: Amos Jianjun Kong
>            Assignee: Amos Jianjun Kong
>         Attachments: 0001-auth-check-both-null-points-and-null-strings.patch,
> 0001-auth-strictly-delimit-in-decoding-client-token.patch
>
>
> RFC4616 requests AuthZID, USERNAME, PASSWORD are delimited by single '\000'.
> Current code actually delimits by serial '\000', when username or password
> is null, it caused decoding derangement.
> The problem was found in code review.
> ------------
> update: above description is wrong, the problem is that:
> When client responds with null strings for username or password,
> current decodeCredentials() can't identify it.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
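
A strict decoder for the RFC 4616 PLAIN layout the issue describes (`[authzid] NUL authcid NUL passwd`), as an added example that is not Cassandra's decodeCredentials() and not either attached patch. The class and method names are hypothetical and the sample tokens are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PlainTokenDecoder {
    private static final byte NUL = 0;

    /** Returns {authzid, authcid, passwd}; rejects tokens that do not match the RFC 4616 layout. */
    static String[] decode(byte[] token) {
        int first = indexOf(token, 0);
        int second = first < 0 ? -1 : indexOf(token, first + 1);
        // Exactly two single-NUL delimiters: a run of NULs is never collapsed into one.
        if (second < 0 || indexOf(token, second + 1) >= 0)
            throw new IllegalArgumentException("expected exactly two NUL delimiters");
        String authzid = field(token, 0, first);            // optional, may be empty
        String authcid = field(token, first + 1, second);   // username
        String passwd = field(token, second + 1, token.length);
        // RFC 4616 defines authcid and passwd as 1*SAFE, so an empty string is invalid.
        if (authcid.isEmpty()) throw new IllegalArgumentException("empty username");
        if (passwd.isEmpty()) throw new IllegalArgumentException("empty password");
        return new String[] { authzid, authcid, passwd };
    }

    private static int indexOf(byte[] b, int from) {
        for (int i = from; i < b.length; i++) if (b[i] == NUL) return i;
        return -1;
    }

    private static String field(byte[] b, int start, int end) {
        return new String(b, start, end - start, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample tokens, not captured client traffic.
        String[] samples = {
            "\0alice\0secret", "admin\0alice\0secret",  // well-formed
            "\0\0secret", "\0alice\0",                  // empty username / empty password
            "\0alice\0\0secret", "alice"                // wrong delimiter count
        };
        for (String s : samples) {
            try {
                System.out.println(Arrays.toString(decode(s.getBytes(StandardCharsets.UTF_8))));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```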