[FIX] smac.py's handle_read is naughty, was Re: [ZODB-Dev] Problem with large transactions combined with authentication mode
Christian Robottom Reis
kiko at async.com.br
Wed Dec 17 19:22:00 EST 2003

On Wed, Dec 17, 2003 at 05:55:16PM -0500, Jeremy Hylton wrote:
> On Tue, 2003-12-16 at 17:47, Christian Robottom Reis wrote:
> > The issue seems to be related to state being set to 1 over runs, which
> > causes has_mac to never be one for that case, even when we *did* have a
> > mac header. Now I have no idea *why* state is 1 over runs, but I would
> > really like to know.
>
> Good analysis! handle_read() is going to consume some arbitrary amount
> of input from the socket. The state indicates whether the next read
> should find a message header or a message body. There's no way to
> predict what state (ahem) the object is left in after a particular
> handle_read() call. The has_mac flag is also part of the state, so your
> patch is right on.

Ah, of course! I was confused because I hadn't realized we only process a
message when we've read enough [per msg_size] from the socket. So when a
larger message was received, handle_read() would be called multiple
times and on the second run, we'd forgotten all about the MAC.

What's the policy for 3.2 -- should this go onto the ZODB3-3_2-branch,
and are we going to see this fixed in a new release? It does render
authentication pretty useless without it..

(Now all I need to do is figure out what Jim has done to the Persistence
package on the trunk.. evil man <wink>)

Take care,
--
Christian Robottom Reis | http://async.com.br/~kiko/ | [+55 16] 261 2331
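
An added illustration of the failure discussed in this thread, not code from ZEO's smac.py: an incremental frame parser in which the MAC flag is either kept with the rest of the parser state or forgotten between read calls. The wire format (a 4-byte length header whose top bit flags an HMAC-SHA1 tag ahead of the payload), the Receiver class and its persist_flag switch are assumptions made for the example.

```python
import hashlib, hmac, struct

MAC_BIT = 0x80000000   # assumed: top bit of the length header flags a MAC
TAG_LEN = 20           # HMAC-SHA1 tag length

def frame(key, payload):
    """Build one MAC-protected frame: header | tag | payload."""
    tag = hmac.new(key, payload, hashlib.sha1).digest()
    return struct.pack(">I", MAC_BIT | (TAG_LEN + len(payload))) + tag + payload

class Receiver:
    """Incremental parser; feed() may be called with any chunking."""
    def __init__(self, key, persist_flag=True):
        self.key = key
        self.persist_flag = persist_flag   # False reproduces the bug class
        self.buf = b""
        self.state = 0                     # 0 = expect header, 1 = expect body
        self.msg_size = 4
        self.has_mac = False

    def feed(self, data):
        """Return (payload, verified) for each message completed by this call."""
        out = []
        self.buf += data
        # Bug variant: the flag starts over on every call, so a body that
        # arrives in a later call than its header is treated as MAC-less.
        has_mac = self.has_mac if self.persist_flag else False
        while len(self.buf) >= self.msg_size:
            chunk, self.buf = self.buf[:self.msg_size], self.buf[self.msg_size:]
            if self.state == 0:
                (word,) = struct.unpack(">I", chunk)
                has_mac = bool(word & MAC_BIT)
                self.msg_size, self.state = word & ~MAC_BIT, 1
            else:
                if has_mac:
                    tag, body = chunk[:TAG_LEN], chunk[TAG_LEN:]
                    expected = hmac.new(self.key, body, hashlib.sha1).digest()
                    if not hmac.compare_digest(tag, expected):
                        raise ValueError("MAC mismatch")
                    out.append((body, True))
                else:
                    out.append((chunk, False))   # delivered unverified
                self.msg_size, self.state = 4, 0
        self.has_mac = has_mac                   # carried into the next call
        return out
```

In this constructed parser the two variants behave identically when a frame arrives in a single feed() call; they diverge only when the body arrives in a later call than its header, which is why small messages hide the problem.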