ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Chugunov (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (IGNITE-11875) Thin client is unable to authenticate with long password
Date Tue, 18 Jun 2019 12:58:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-11875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16866579#comment-16866579
] 

Sergey Chugunov edited comment on IGNITE-11875 at 6/18/19 12:57 PM:
--------------------------------------------------------------------

[~isapego],

As far as I can see we have a race condition in *ClientListenerNioListener#onHandshake* method
between timeout thread counting handshake timeout and whatever thread that calls onHandshake
method.

The point is that if timeout thread manages to close the session before it is deleted by logic
of onHandshake method, lately the method will try to write a response to already closed session.

However I may be wrong here and session object we use here has some internal logic to handle
this situation.



was (Author: sergey-chugunov):
[~isapego],

As far as I can see we have a race condition in *ClientListenerNioListener#onHandshake* method
between timeout thread counting handshake timeout and whatever thread that calls onHandshake
method.

The point is that if timeout thread manages to close the session before it is deleted by login
of onHandshake method, lately the method will try to write a response to already closed session.

However I may be wrong here and session object we use here has some internal logic to handle
this situation.


> Thin client is unable to authenticate with long password
> --------------------------------------------------------
>
>                 Key: IGNITE-11875
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11875
>             Project: Ignite
>          Issue Type: Bug
>          Components: jdbc, odbc, thin client
>    Affects Versions: 2.7
>            Reporter: Igor Sapego
>            Assignee: Igor Sapego
>            Priority: Major
>             Fix For: 2.8
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Token authentication could use long usernames/passwords, that leads to "Invalid handshake
message" 
> ClientListenerNioServerBuffer:
> {code:java}
>         if (cnt == msgSize) {
>             byte[] data0 = data;
>             reset();
>             return data0;
>         }
>         else {
>             if (checkHandshake && cnt > 0 && (msgSize > ClientListenerNioListener.MAX_HANDSHAKE_MSG_SIZE
>                 || data[0] != ClientListenerRequest.HANDSHAKE))
>                 throw new IgniteCheckedException("Invalid handshake message");
>             return null;
>         }
> {code}
> The reproducer is attached.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message