cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amos Jianjun Kong (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-13455) lose check of null strings in decoding client token
Date Wed, 19 Apr 2017 01:43:41 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-13455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Amos Jianjun Kong updated CASSANDRA-13455:
------------------------------------------
    Summary: lose check of null strings in decoding client token  (was: derangement in decoding
client token)

> lose check of null strings in decoding client token
> ---------------------------------------------------
>
>                 Key: CASSANDRA-13455
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13455
>             Project: Cassandra
>          Issue Type: Bug
>         Environment: CentOS7.2
> Java 1.8
>            Reporter: Amos Jianjun Kong
>            Assignee: Amos Jianjun Kong
>             Fix For: 3.10
>
>         Attachments: 0001-auth-check-both-null-points-and-null-strings.patch, 0001-auth-strictly-delimit-in-decoding-client-token.patch
>
>
> RFC4616 requests AuthZID, USERNAME, PASSWORD are delimited by single '\000'.
> Current code actually delimits by serial '\000', when username or password
> is null, it caused decoding derangement.
> The problem was found in code review.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message