qpid-proton mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-553) Proton-C does not URLdecode password before doing SASL-PLAIN
Date Fri, 04 Apr 2014 19:04:15 GMT

    [ https://issues.apache.org/jira/browse/PROTON-553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960289#comment-13960289

ASF subversion and git services commented on PROTON-553:

Commit 1584865 from rhs@apache.org in branch 'proton/trunk'
[ https://svn.apache.org/r1584865 ]

PROTON-553: made pni_parse_url do url decoding on user and password

> Proton-C does not URLdecode password before doing SASL-PLAIN
> ------------------------------------------------------------
>                 Key: PROTON-553
>                 URL: https://issues.apache.org/jira/browse/PROTON-553
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.7
>            Reporter: James Birdsall
>             Fix For: 0.7
>         Attachments: sasl.c
> This is a serious issue using Proton-C against ServiceBus because our passwords are base64-encoded
keys and frequently contain '/'. Previous versions of Proton-C didn't care about technically
illegal forward slashes in the URL, but 0.7 sure does. URL encoding the password gets around
that, but then the encoded password is presented to our broker and is rejected. Since Proton
is the one dealing with a URL and enforcing URL rules, it should do the decoding before passing
the pieces on to other layers.

This message was sent by Atlassian JIRA

View raw message