-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55585/
-----------------------------------------------------------
(Updated Jan. 17, 2017, 9:05 p.m.)
Review request for qpid and Andrew Stitcher.
Bugs: PROTON-1388
https://issues.apache.org/jira/browse/PROTON-1388
Repository: qpid-proton-git
Description
-------
In pn_input_read_sasl, when a successful outcome frame is read, it will set the
desired_state to SASL_RECVED_OUTCOME_SUCCEED. This means that
pni_sasl_is_final_input_state() will return true. However from what I can tell,
the last_state, which is what is checked by pni_sasl_is_final_output_state(),
is only set to this same value when pni_post_sasl_frame() is called, and the
client will never need to call that after receiving an outcome (as the sasl
exchange is then over).
So if we get two calls to pn_input_read_sasl(), one to read the outcome, the
next to read the first encrypted data, *without* a pn_output_write_sasl()
between them, pni_sasl_is_final_input_state() will return true but
pni_sasl_is_final_output_state() will return false on the second read, which
results in the second recv call passing it to the passthru layer even though it
may be encrypted.
This patch ensures that if the final input state has been reached for sasl, and
encryption was negotiated, further incoming data is always decoded (even if we
have not yet reached the final output state and so have not set io_layers).
Diffs
-----
proton-c/src/sasl/sasl.c 69fb6b2
Diff: https://reviews.apache.org/r/55585/diff/
Testing
-------
Existing tests pass. Rerproducer for original issue - occasional failure of
proton client using DIGEST-MD5 against qpidd - passes reliably (i.e. while
./simple_send.py -a guest:guest@localhost -m 1; do echo ok; done against qpidd,
with only DIGEST-MD5 allowed).
Thanks,
Gordon Sim
