Skip to content

Commit

Permalink
Fix fallback to plaintext
Browse files Browse the repository at this point in the history 
Summary:
Fallback to plaintext happens in handleSecureMessage, when the client
thinks the sasl handshake fails but the server thinks it succeeded. So the
server will receive a plaintext request with client type set to header and
protection state is still VALID. So simply skipping handleSecureMessage when
protection state is VALID is a bug.

Reviewed By: alandau

Differential Revision: D2907010

fb-gh-sync-id: e43907141d2b209d7225dbdfaade6a6e7002b405
  • Loading branch information
Haijun Zhu authored and facebook-github-bot-1 committed Feb 5, 2016
1 parent 2fdea5c commit f7a070d
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions thrift/lib/cpp2/async/SaslNegotiationHandler.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,7 @@ namespace apache { namespace thrift {
using ProtectionState = apache::thrift::ProtectionHandler::ProtectionState;

void SaslNegotiationHandler::read(Context* ctx, BufAndHeader bufAndHeader) {
if (protectionHandler_->getProtectionState() == ProtectionState::NONE ||
protectionHandler_->getProtectionState() == ProtectionState::VALID) {
if (protectionHandler_->getProtectionState() == ProtectionState::NONE) {
// This handler should be removed from the pipeline after sasl
// negotiation is completed. If it is still installed, it should
// do nothing.
Expand Down

0 comments on commit f7a070d

Please sign in to comment.