[PR] [fix](auth) tolerate trailing zero bytes in OIDC client auth packet [doris]

Sun, 07 Jun 2026 20:40:24 -0700 


liutang123 opened a new pull request, #64200:
URL: https://github.com/apache/doris/pull/64200

   Some JDBC clients (notably mysql-connector-j 9.x) pre-allocate an in-memory 
buffer that is larger than the actual string when sending strings, so the auth 
response on the wire may contain extra zero bytes after the length-encoded OIDC 
token. The previous strict check 'payload.remaining() != 0'treated such packets 
as malformed and made the extractor fall back to using the whole buffer 
(including the leading length byte) as the token, which caused OIDC 
authentication to be rejected incorrectly.
   Relax the check to accept the packet as long as the trailing bytes are all 
zero, which matches the padding behavior of those JDBC clients while still 
rejecting truly malformed payloads. 
   
   ### What problem does this PR solve?
   
   Issue Number: close #xxx
   
   Related PR: #xxx
   
   Problem Summary:
   
   ### Release note
   
   None
   
   ### Check List (For Author)
   
   - Test <!-- At least one of them must be included. -->
       - [ ] Regression test
       - [ ] Unit Test
       - [ ] Manual test (add detailed scripts or steps below)
       - [ ] No need to test or manual test. Explain why:
           - [ ] This is a refactor/code format and no logic has been changed.
           - [ ] Previous test can cover this change.
           - [ ] No code files have been changed.
           - [ ] Other reason <!-- Add your reason?  -->
   
   - Behavior changed:
       - [ ] No.
       - [ ] Yes. <!-- Explain the behavior change -->
   
   - Does this need documentation?
       - [ ] No.
       - [ ] Yes. <!-- Add document PR link here. eg: 
https://github.com/apache/doris-website/pull/1214 -->
   
   ### Check List (For Reviewer who merge this PR)
   
   - [ ] Confirm the release note
   - [ ] Confirm test cases
   - [ ] Confirm document
   - [ ] Add branch pick label <!-- Add branch pick label that this PR should 
merge into -->
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to