ngavalas opened a new pull request, #2805:
URL: https://github.com/apache/thrift/pull/2805
<!-- Explain the changes in the pull request below: -->
There is an issue with the header transport implementation in `nodejs`. All
TBufferedTransport and TFramedTransport instances across all connections and
clients share a single object for their read and write headers. There is a
different copy for the two transport types, but within one type, they are
shared.
This means that there are both data races and incorrect results possible:
* You can write headers to a request that has written headers but hasn't
flushed yet. This is especially troubling if the headers are used for auth,
because you're able to mix up requests and auth as the wrong entity.
* You can read headers from other requests. They only clobber each other if
they have the same name, but the union of all seen headers is returned in
`getReadHeaders `.
The issue is that we aren't calling the header transport constructor with
the new `this` from the concrete implementations, so the
`TBufferedTransport.prototype = new THeaderTransport();` line is not properly
binding `this` and causes the object sharing.
You can see this in the two test cases that fail before this PR and succeed
now. Two **completely unrelated** `TFramedTransport` objects shared read and
write results.
I did not create a JIRA ticket yet because I am still waiting on approval,
but I wanted to get the PR up ASAP; we are currently experiencing this bug in
production.
<!-- We recommend you review the checklist/tips before submitting a pull
request. -->
- [ ] Did you create an [Apache
Jira](https://issues.apache.org/jira/projects/THRIFT/issues/) ticket?
([Request account here](https://selfserve.apache.org/jira-account.html), not
required for trivial changes)
- [ ] If a ticket exists: Does your pull request title follow the pattern
"THRIFT-NNNN: describe my issue"?
- [X] Did you squash your changes to a single commit? (not required, but
preferred)
- [X] Did you do your best to avoid breaking changes? If one was needed,
did you label the Jira ticket with "Breaking-Change"?
- [ ] If your change does not involve any code, include `[skip ci]` anywhere
in the commit message to free up build resources.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
