[FIX] smac.py's handle_read is naughty, was Re: [ZODB-Dev] Problem with large transactions combined with authentication mode

Christian Robottom Reis kiko at async.com.br
Wed Dec 17 19:22:00 EST 2003


On Wed, Dec 17, 2003 at 05:55:16PM -0500, Jeremy Hylton wrote:
> On Tue, 2003-12-16 at 17:47, Christian Robottom Reis wrote:
> > The issue seems to be related to state being set to 1 over runs, which
> > causes has_mac to never be one for that case, even when we *did* have a
> > mac header. Now I have no idea *why* state is 1 over runs, but I would
> > really like to know.
> 
> Good analysis!  handle_read() is going to consume some arbitrary amount
> of input from the socket.  The state indicates whether the next read
> should find a message header or a message body.  There's no way to
> predict what state (ahem) the object is left in after a particular
> handle_read() call.  The has_mac flag is also part of the state, so your
> patch is right on.

Ah, of course! I was confused because I hadn't realized we only process a
message when we've read enough [per msg_size] from the socket. So when a
larger message was received, handle_read() would be called multiple
times and on the second run, we'd forgotten all about the MAC.

What's the policy for 3.2 -- should this go onto the ZODB3-3_2-branch,
and are we going to see this fixed in a new release?  It does render
authentication pretty useless without it..

(Now all I need to do is figure out what Jim has done to the Persistence
package on the trunk.. evil man <wink>)

Take care,
--
Christian Robottom Reis | http://async.com.br/~kiko/ | [+55 16] 261 2331
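The state bug discussed above, as an added illustration that is not smac.py's own code: a constructed, simplified incremental reader in which `state` says whether the next `msg_size` bytes are a header or a body, and `has_mac` either is or is not carried across `handle_read()` calls. The framing (a 4-byte length word whose high bit flags an authenticated message, followed by a 20-byte HMAC-SHA1 tag ahead of the body), the `pack_message`/`Reader` names and the shared key are all assumptions of this example. It shows that when `has_mac` is re-initialised on every call, a message whose body arrives in a later read than its header is delivered with the tag bytes glued onto the body and no verification at all, so a tampered body is accepted; persisting the flag alongside `state` and `msg_size` restores the check.

```python
import hashlib
import hmac
import struct

# Constructed framing, simplified from the smac layout under discussion (an
# assumption of this example, not smac.py's actual wire format): a 4-byte
# big-endian length word whose high bit flags an authenticated message, and
# for such messages a 20-byte HMAC-SHA1 tag placed in front of the body.
HEADER_SIZE = 4
MAC_BIT = 0x80000000
MAC_SIZE = 20


def pack_message(key, payload, with_mac=True):
    """Build one wire frame for payload (constructed sender-side helper)."""
    length = len(payload)
    tag = b""
    if with_mac:
        length |= MAC_BIT
        tag = hmac.new(key, payload, hashlib.sha1).digest()
    return struct.pack(">I", length) + tag + payload


class Reader:
    """Incremental reader modelled on the state machine described in the thread.

    state 0 means the next msg_size bytes are a header, state 1 that they are a
    body (plus tag). keep_has_mac=True carries the has_mac flag across
    handle_read() calls; keep_has_mac=False re-initialises it on every call,
    which reproduces the defect: a body that arrives in a later read than its
    header is handled as if no MAC were present.
    """

    def __init__(self, key, keep_has_mac):
        self.key = key
        self.keep_has_mac = keep_has_mac
        self.buf = b""
        self.state = 0
        self.msg_size = HEADER_SIZE
        self.has_mac = False
        self.delivered = []  # (body, mac_verified) pairs handed to the application

    def handle_read(self, chunk):
        """Consume one socket read; it may hold part of a message or several."""
        self.buf += chunk
        # Buggy variant: the flag is forgotten between calls, exactly the
        # symptom reported for large messages.
        has_mac = self.has_mac if self.keep_has_mac else False
        while len(self.buf) >= self.msg_size:
            msg, self.buf = self.buf[:self.msg_size], self.buf[self.msg_size:]
            if self.state == 0:
                (size,) = struct.unpack(">I", msg)
                has_mac = bool(size & MAC_BIT)
                if has_mac:
                    size = (size ^ MAC_BIT) + MAC_SIZE
                elif self.key:
                    raise ValueError("received message without MAC")
                self.msg_size = size
                self.state = 1
            else:
                self.msg_size = HEADER_SIZE
                self.state = 0
                verified = False
                if has_mac:
                    tag, msg = msg[:MAC_SIZE], msg[MAC_SIZE:]
                    expected = hmac.new(self.key, msg, hashlib.sha1).digest()
                    if not hmac.compare_digest(tag, expected):
                        raise ValueError("MAC failed")
                    verified = True
                self.delivered.append((msg, verified))
        # The fix: has_mac is persisted like state and msg_size (the buggy
        # variant stores it too but ignores it on the next entry).
        self.has_mac = has_mac


def read_in_one_go(key, frame, keep_has_mac):
    """Whole frame in a single read: header and body handled in one call."""
    reader = Reader(key, keep_has_mac)
    reader.handle_read(frame)
    return reader.delivered[-1]


def read_in_two_calls(key, frame, keep_has_mac, split_at=HEADER_SIZE):
    """Frame split across two reads, as happens with a large message."""
    reader = Reader(key, keep_has_mac)
    reader.handle_read(frame[:split_at])
    reader.handle_read(frame[split_at:])
    return reader.delivered[-1]


def accepts_tampered(key, frame, keep_has_mac):
    """True if a frame whose last body byte was flipped is delivered (split read)."""
    tampered = bytearray(frame)
    tampered[-1] ^= 0x01
    try:
        read_in_two_calls(key, bytes(tampered), keep_has_mac)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # constructed key, not a deployment value
    frame = pack_message(key, b"x" * 1000)  # a "large" message, constructed
    for keep in (True, False):
        body, ok = read_in_two_calls(key, frame, keep)
        print("keep_has_mac=%s: %d body bytes, verified=%s, tampered accepted=%s"
              % (keep, len(body), ok, accepts_tampered(key, frame, keep)))
```

Both variants verify a message that arrives in a single read, which is why the defect only shows up with large transactions; the split-read case is where the flag that was not part of the persisted state makes the difference between a verified body and an unverified one with 20 stray bytes in front of it.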