[
https://issues.apache.org/jira/browse/CASSANDRA-13455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15972518#comment-15972518
]
Robert Stupp commented on CASSANDRA-13455:
------------------------------------------
Can you elaborate why you think that the current code is broken? I do not see
anything that's broken there.
(Ideally with a unit test.)
> derangement in decoding client token
> ------------------------------------
>
> Key: CASSANDRA-13455
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13455
> Project: Cassandra
> Issue Type: Bug
> Environment: CentOS7.2
> Java 1.8
> Reporter: Amos Jianjun Kong
> Assignee: Amos Jianjun Kong
> Fix For: 3.10
>
> Attachments: 0001-auth-strictly-delimit-in-decoding-client-token.patch
>
>
> RFC4616 requests AuthZID, USERNAME, PASSWORD are delimited by single '\000'.
> Current code actually delimits by serial '\000', when username or password
> is null, it caused decoding derangement.
> The problem was found in code review.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
