hc-dev mailing list archives

From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1715) NTLMEngineImpl.Type1Message not thread safe but declared as a constant
Date Wed, 27 Jan 2016 08:44:39 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15118875#comment-15118875 ]

Karl Wright commented on HTTPCLIENT-1715:

Hi Gary,

As you may know, this NTLM implementation was constructed from specifications developed by
reverse engineering the proprietary NTLM protocol on various versions of Windows.  There is
no "best behavior" because everything has to be tested against multiple Windows versions.
The reverse engineered specification includes a place for domain and host in the Type 1 message,
but many Windows versions do not seem to set these values, and we could not guarantee that
setting them would not cause trouble in some instances.

> NTLMEngineImpl.Type1Message not thread safe but declared as a constant
> ----------------------------------------------------------------------
>                 Key: HTTPCLIENT-1715
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1715
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>            Reporter: Olivier Lafontaine
>            Assignee: Gary Gregory
>             Fix For: 4.5.2, 5.0 Alpha2
> {{NTLMEngineImpl}} declares a {{static final}} member named {{TYPE_1_MESSAGE}} of type
> {{Type1Message}}. Members of {{Type1Message}} are final and do not change, but that is not
> the case for members of its superclass {{NTLMMessage}}.
> Whenever the method {{NTLMEngineImpl#getType1Message(String, String)}} is called, the
> method {{NTLMMessage#getResponse()}} gets called on the {{TYPE_1_MESSAGE}} instance and this
> modifies the following members of {{NTLMMessage}}:
> * messageContents
> * currentOutputPosition
> This is not thread safe and we get exceptions as seen in HTTPCLIENT-1686.
> My guess is that the computed response string should be kept in a constant instead of
> a {{Type1Message}} instance.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
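
The race described in the quoted issue, as an added Java sketch that is not HttpClient's code: `Message` is a hypothetical stand-in for a class whose `getResponse()` rewrites `messageContents` and `currentOutputPosition` on every call, and the 16-byte payload is constructed. It compares a shared `static final` instance with the reporter's suggestion of keeping the computed string in a constant.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SharedMessageDemo {
    // Hypothetical stand-in: the reference is final, the encoding state is not.
    static class Message {
        private byte[] messageContents;
        private int currentOutputPosition;

        String getResponse() {
            messageContents = new byte[16];   // both fields are reset per call
            currentOutputPosition = 0;
            for (byte b : "NTLMSSP-EXAMPLE!".getBytes(StandardCharsets.US_ASCII)) {
                messageContents[currentOutputPosition++] = b;
            }
            return Base64.getEncoder().encodeToString(messageContents);
        }
    }

    // Pattern from the issue: one mutable instance shared by every caller.
    static final Message SHARED = new Message();
    // Suggested direction: compute the response once and share the immutable String.
    static final String PRECOMPUTED = new Message().getResponse();

    // Runs 8 threads against the source; counts exceptions and corrupted responses.
    static int countFailures(Callable<String> source) throws InterruptedException {
        AtomicInteger failures = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            pool.execute(() -> {
                for (int i = 0; i < 100_000; i++) {
                    try {
                        if (!PRECOMPUTED.equals(source.call())) failures.incrementAndGet();
                    } catch (Exception e) {   // e.g. index past the end of the buffer
                        failures.incrementAndGet();
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return failures.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // The shared-instance count depends on scheduling and varies between runs.
        System.out.println("shared instance: " + countFailures(SHARED::getResponse));
        System.out.println("precomputed:     " + countFailures(() -> PRECOMPUTED));
    }
}
```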
