[
https://issues.apache.org/jira/browse/ZOOKEEPER-1398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13218775#comment-13218775
]
Mike Lundy commented on ZOOKEEPER-1398:
---------------------------------------
In writing the test, I discovered the real problem: zookeeper-c treats the
session password as a \0-terminated string, but the java generates the session
password as a 16-byte binary blob, where \0 is data. Some ideas for fixing that
are 1) break the c api and add a passwd_len to the clientid_t or 2) change
ZooKeeperServer.generatePasswd to not make \0. Which is better is up to you, I
think.
Currently everything that uses the C api and does not pass in a session
password will randomly break if they expect session passwords to work (since
the password will be truncated to the null every time it crosses the C<=>Python
interface). I would expect the perl api has the same problem. With this patch,
the password will not be truncated (though the tradeoff is you must pass a
16-byte string from python).
> zkpython corrupts session passwords that contain nulls
> ------------------------------------------------------
>
> Key: ZOOKEEPER-1398
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1398
> Project: ZooKeeper
> Issue Type: Bug
> Components: c client, contrib-bindings
> Affects Versions: 3.3.4
> Reporter: Mike Lundy
> Assignee: Mike Lundy
> Attachments: 0001-make-sure-the-client-password-isn-t-corrupted.patch
>
>
> If the session password contains a nul character (\0), it will be mutated as
> it is passed to python. zkpython currently uses the ParseArgs flag that stops
> on nul.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
