[jira] [Updated] (CASSANDRA-13455) lose check of null strings in decoding client token

2017-04-20 Thread Robert Stupp (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Stupp updated CASSANDRA-13455:
-
   Resolution: Not A Problem
Fix Version/s: (was: 3.10)
   Status: Resolved  (was: Patch Available)

> lose check of null strings in decoding client token
> ---
>
> Key: CASSANDRA-13455
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13455
> Project: Cassandra
>  Issue Type: Bug
> Environment: CentOS7.2
> Java 1.8
> Reporter: Amos Jianjun Kong
> Assignee: Amos Jianjun Kong
> Attachments: 0001-auth-check-both-null-points-and-null-strings.patch, 
> 0001-auth-strictly-delimit-in-decoding-client-token.patch
>
>
> RFC4616 requests that AuthZID, USERNAME, PASSWORD are delimited by a single '\000'.
> Current code actually delimits by serial '\000'; when username or password
> is null, it causes decoding derangement.
> The problem was found in code review.
> 
> Update: the above description is wrong; the problem is that:
> When the client responds with null strings for username or password,
> the current decodeCredentials() can't identify it.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
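
The RFC 4616 PLAIN token discussed in this issue has the layout `[authzid] NUL authcid NUL passwd`, and the RFC's grammar requires authcid and passwd to be non-empty. As an added illustration (not Cassandra's decodeCredentials() and not one of the attached patches), here is a strict decoder that treats every NUL as its own delimiter and rejects empty username or password fields; the class name PlainTokenDecoder and the sample tokens are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example, not Cassandra code: strict RFC 4616 PLAIN token decoding.
public class PlainTokenDecoder {
    /** Returns {authzid, authcid, passwd}; throws if the token is malformed. */
    static String[] decode(byte[] token) {
        int first = -1, second = -1;
        for (int i = 0; i < token.length; i++) {
            if (token[i] != 0) continue;
            if (first < 0) first = i;
            else if (second < 0) second = i;
            else throw new IllegalArgumentException("more than two NUL delimiters");
        }
        if (second < 0)
            throw new IllegalArgumentException("expected [authzid] NUL authcid NUL passwd");
        // Each NUL is a delimiter on its own, so adjacent NULs mean an empty field.
        if (second == first + 1)
            throw new IllegalArgumentException("empty authcid (username)");
        if (second == token.length - 1)
            throw new IllegalArgumentException("empty passwd");
        return new String[] {
            new String(token, 0, first, StandardCharsets.UTF_8),
            new String(token, first + 1, second - first - 1, StandardCharsets.UTF_8),
            new String(token, second + 1, token.length - second - 1, StandardCharsets.UTF_8)
        };
    }

    public static void main(String[] args) {
        // Constructed sample tokens; "\0" is the NUL delimiter.
        String[] samples = {
            "\0alice\0s3cret", "admin\0alice\0s3cret",   // well-formed
            "\0\0s3cret", "\0alice\0", "alice\0", "\0a\0b\0c"  // malformed
        };
        for (String s : samples) {
            try {
                System.out.println(Arrays.toString(decode(s.getBytes(StandardCharsets.UTF_8))));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```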


[jira] [Updated] (CASSANDRA-13455) lose check of null strings in decoding client token

2017-04-18 Thread Amos Jianjun Kong (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Amos Jianjun Kong updated CASSANDRA-13455:
--
Description: 
RFC4616 requests that AuthZID, USERNAME, PASSWORD are delimited by a single '\000'.
Current code actually delimits by serial '\000'; when username or password
is null, it causes decoding derangement.

The problem was found in code review.


Update: the above description is wrong; the problem is that:
When the client responds with null strings for username or password,
the current decodeCredentials() can't identify it.


  was:
RFC4616 requests that AuthZID, USERNAME, PASSWORD are delimited by a single '\000'.
Current code actually delimits by serial '\000'; when username or password
is null, it causes decoding derangement.

The problem was found in code review.


> lose check of null strings in decoding client token
> ---
>
> Key: CASSANDRA-13455
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13455
> Project: Cassandra
>  Issue Type: Bug
> Environment: CentOS7.2
> Java 1.8
> Reporter: Amos Jianjun Kong
> Assignee: Amos Jianjun Kong
> Fix For: 3.10
>
> Attachments: 0001-auth-check-both-null-points-and-null-strings.patch, 
> 0001-auth-strictly-delimit-in-decoding-client-token.patch
>
>
> RFC4616 requests that AuthZID, USERNAME, PASSWORD are delimited by a single '\000'.
> Current code actually delimits by serial '\000'; when username or password
> is null, it causes decoding derangement.
> The problem was found in code review.
> 
> Update: the above description is wrong; the problem is that:
> When the client responds with null strings for username or password,
> the current decodeCredentials() can't identify it.





[jira] [Updated] (CASSANDRA-13455) lose check of null strings in decoding client token

2017-04-18 Thread Amos Jianjun Kong (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Amos Jianjun Kong updated CASSANDRA-13455:
--
Summary: lose check of null strings in decoding client token  (was: derangement in decoding client token)

> lose check of null strings in decoding client token
> ---
>
> Key: CASSANDRA-13455
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13455
> Project: Cassandra
>  Issue Type: Bug
> Environment: CentOS7.2
> Java 1.8
> Reporter: Amos Jianjun Kong
> Assignee: Amos Jianjun Kong
> Fix For: 3.10
>
> Attachments: 0001-auth-check-both-null-points-and-null-strings.patch, 
> 0001-auth-strictly-delimit-in-decoding-client-token.patch
>
>
> RFC4616 requests that AuthZID, USERNAME, PASSWORD are delimited by a single '\000'.
> Current code actually delimits by serial '\000'; when username or password
> is null, it causes decoding derangement.
> The problem was found in code review.


