[jira] [Commented] (SOLR-12354) org.apache.solr.security.PKIAuthenticationPlugin does not check response code when retrieving remotePublicKey

Sat, 02 Jun 2018 06:34:21 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-12354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16499068#comment-16499068
 ] 

Lucene/Solr QA commented on SOLR-12354:
---------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:red}-1{color} | {color:red} patch {color} | {color:red}  0m  6s{color} 
| {color:red} SOLR-12354 does not apply to master. Rebase required? Wrong 
Branch? See 
https://wiki.apache.org/solr/HowToContribute#Creating_the_patch_file for help. 
{color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Issue | SOLR-12354 |
| JIRA Patch URL | 
https://issues.apache.org/jira/secure/attachment/12926081/SOLR-12354.patch |
| Console output | 
https://builds.apache.org/job/PreCommit-SOLR-Build/110/console |
| Powered by | Apache Yetus 0.7.0   http://yetus.apache.org |


This message was automatically generated.



> org.apache.solr.security.PKIAuthenticationPlugin does not check response code 
> when retrieving remotePublicKey
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-12354
>                 URL: https://issues.apache.org/jira/browse/SOLR-12354
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: 6.6.2, 6.6.3
>            Reporter: hamada
>            Assignee: Noble Paul
>            Priority: Major
>         Attachments: SOLR-12354.patch
>
>
> in decipherHeader(), if keyCache does not contain the key of interest, then a 
> remote call is made to retrieve the key from the remote host, by calling 
> getRemotePublicKey, which fails if the server returns an html error page.
> e.g.:
> org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0 
> BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-' at 
> org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?] at 
> org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712) 
> ~[noggit-0.6.jar:?] at org.noggit.JSONParser.next(JSONParser.java:886) 
> ~[noggit-0.6.jar:?] at org.noggit.JSONParser.nextEvent(JSONParser.java:930) 
> ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44) 
> ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37) 
> ~[noggit-0.6.jar:?]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to