[PROTON-235] SASL layer can "replicate" inbound SASL frames under some circumstances. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: proton-0.3
Fix Version/s: proton-0.4
Component/s: proton-c
Labels:
None

Description

If an inbound SASL frame is fragmented, then the SASL layer incorrectly re-reads the same frame data. This causes the engine to fail.

Reproducer:

def testFracturedSASL(self):
self.s1.mechanisms("ANONYMOUS")
self.s1.client()

self.t1.trace(Transport.TRACE_FRM)

out = self.t1.output(1024)
print("out=%s" % str(out))
self.t1.input("AMQP\x03\x01\x00\x00")
out = self.t1.output(1024)
print("out=%s" % str(out))
self.t1.input("\x00\x00\x00")
out = self.t1.output(1024)
print("out=%s" % str(out))
self.t1.input("A\x02\x01\x00\x00\x00S@\xc04\x01\xe01\x06\xa3\x06GSSAPI\x05PLAIN\x0aDIGEST-MD5\x08AMQPLAIN\x08CRAM-MD5\x04NTLM")
out = self.t1.output(1024)
print("out=%s" % str(out))
self.t1.input("\x00\x00\x00\x10\x02\x01\x00\x00\x00SD\xc0\x03\x01P\x00")
out = self.t1.output(1024)
while out:
print("out=%s" % str(out))
out = self.t1.output(1024)

When tracing is turned on, SASL will report the following frames as received:

<- SASL
[0x200f0e0:0] <- SASL-MECHANISMS @64 [@PN_SYMBOL[:GSSAPI, :PLAIN, :"DIGEST-MD5", :AMQPLAIN, :"CRAM-MD5", :NTLM]]
[0x200f0e0:0] <- SASL-MECHANISMS @64 [@PN_SYMBOL[:GSSAPI, :PLAIN, :"DIGEST-MD5", :AMQPLAIN, :"CRAM-MD5", :NTLM]]

Notice the MECHANISM frame is reported as received twice by the SASL layer, but it was only read once from the network.

Attachments

Issue Links

is blocked by

PROTON-225 Redesign Transport interface such that Transport owns the in/out buffers rather than its client

Closed

Activity

People

Assignee:: Ken Giusti

Reporter:: Ken Giusti

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Feb/13 16:01

Updated:: 07/Jan/16 11:32

Resolved:: 15/Feb/13 19:56