Description of problem:
If a client successfully authenticates with a SASL mechanism that has a security layer, and provides no arguments in the "connection.tune-ok" message, the broker uses zero as the max-frame-size. This causes CyrusSecurityLayer::decode to loop infinitely, hanging the broker and using 100% of a CPU.

Version-Release number of selected component (if applicable):
Version 1.1.1

How reproducible:
100%
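The report above describes two weaknesses that combine into a denial of service: the broker adopts whatever max-frame-size the client sends back in tune-ok (including an absent argument, which decodes as zero), and the security-layer decode loop cannot make progress with a zero chunk size. The following C++ is an added illustration of the broker-side defences, written for this page; it is not qpid's code and does not reproduce CyrusSecurityLayer::decode. Names (frame_guard, negotiateFrameSize, decodeInChunks) are invented, and kMinFrameSize is an assumed floor taken from the AMQP 0-9-1 frame-min-size constant of 4096; the broker should use the minimum its own protocol version defines.

```cpp
// Added example, not qpid's code: validate the client's tune-ok value before
// using it, and make a chunked decode loop fail fast instead of spinning.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

namespace frame_guard {

// Assumed protocol floor (AMQP 0-9-1 frame-min-size). Adjust per protocol version.
constexpr std::uint32_t kMinFrameSize = 4096;

// Returns the frame size the broker should adopt, or 0 meaning "reject the
// connection". `offered` is what the broker sent in connection.tune;
// `clientReply` is the max-frame-size from connection.tune-ok (0 when the
// client sent no argument, which is the case that hangs the broker here).
std::uint32_t negotiateFrameSize(std::uint32_t offered, std::uint32_t clientReply) {
    if (clientReply == 0) return 0;             // missing argument: never accept as "unlimited"
    if (clientReply < kMinFrameSize) return 0;  // below the protocol minimum
    if (clientReply > offered) return 0;        // client may not exceed the broker's offer
    return clientReply;
}

// Walks `input` in pieces of at most `chunk` bytes, the way a security layer
// hands buffers to a SASL decode call. Returns the number of chunks processed.
// A zero chunk size can never advance `pos`, so it is rejected up front rather
// than allowed to loop forever.
std::size_t decodeInChunks(const std::vector<std::uint8_t>& input,
                           std::size_t chunk,
                           std::vector<std::uint8_t>& out) {
    if (chunk == 0) {
        throw std::invalid_argument("decode chunk size is zero; loop would never advance");
    }
    std::size_t pos = 0;
    std::size_t chunks = 0;
    while (pos < input.size()) {
        std::size_t n = std::min(chunk, input.size() - pos);
        out.insert(out.end(), input.begin() + pos, input.begin() + pos + n);
        pos += n;
        ++chunks;
    }
    return chunks;
}

// Helpers with fixed constructed inputs so the behaviour can be checked directly.
std::size_t chunkCountDemo() {            // 10 bytes in chunks of 4 -> 3 chunks
    std::vector<std::uint8_t> in(10, 0x01), out;
    return decodeInChunks(in, 4, out);
}

bool decodePreservesBytes() {             // every input byte reaches the output
    std::vector<std::uint8_t> in(10, 0x01), out;
    decodeInChunks(in, 4, out);
    return out == in;
}

bool decodeRejectsZeroChunk() {           // zero chunk size raises instead of hanging
    std::vector<std::uint8_t> in(16, 0xAB), out;
    try {
        decodeInChunks(in, 0, out);
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}

}  // namespace frame_guard

int main() {
    const std::uint32_t offered = 65535;
    for (std::uint32_t reply : {0u, 4095u, 4096u, 65535u, 100000u}) {
        std::uint32_t adopted = frame_guard::negotiateFrameSize(offered, reply);
        std::cout << "tune-ok max-frame-size " << reply << " -> "
                  << (adopted ? "accept " : "reject ") << adopted << '\n';
    }
    std::cout << "zero chunk rejected: " << frame_guard::decodeRejectsZeroChunk() << '\n';
    return 0;
}
```

The essential point is the first check in negotiateFrameSize: an absent tune-ok argument must be treated as a protocol error, not as a frame size of zero, and the decode loop should assert progress rather than trust the negotiated value.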
To reproduce: First, you need to be using Kerberos-5 for authentication. This involves having a KDC that is configured with a service principal for the qpidd broker (called "qpidd/host.domain@REALM") and a user principal. You must kinit the user principal.

Use an svn checkout for the Ruby client:

# cd <svn-qpid-checkout>/ruby
# rake build

Here's the test sequence (you will do this multiple times):

# cd <svn-qpid-checkout>/ruby/lib
# irb -r qpid --noinspect -I ../ext/sasl
> s = Qpid::Qmf::Session.new(:manage_connections=>false)
> b = s.add_broker

If this last line returns successfully, the broker is working. If it hangs, the bug is reproduced.

A modification to the Ruby library is necessary to provoke the bug. Here's the patch:

Index: lib/qpid/delegates.rb =================================================================== --- lib/qpid/delegates.rb (revision 736356) +++ lib/qpid/delegates.rb (working copy) @@ -210,7 +210,7 @@ def connection_tune(ch, tune) ch.connection_tune_ok(:channel_max => tune.channel_max, - :max_frame_size => tune.max_frame_size, + :max_frame_size => 0, :heartbeat => 0) ch.connection_open() @connection.security_layer_tx = @saslConn

Here's the test:
1) Apply the Ruby patch
2) Run the test sequence

If the sequence hangs (and the broker hangs with 100% cpu usage), you have reproduced the bug.
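Review bot: the hardcoded `:max_frame_size => 0` replacing `tune.max_frame_size` in connection_tune_ok is a deliberate trigger for the broker hang, not a client fix, so this hunk must stay a local test change and never be committed to lib/qpid/delegates.rb. For the reproduction it is sound as written: `:channel_max`, `:heartbeat => 0`, `ch.connection_open()` and the `@connection.security_layer_tx = @saslConn` assignment are left untouched, so the frame size is the only value that differs between a working run and a hanging one.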
Fixed upstream at revision 736370.
Tested on RHEL 5.3 (there aren't packages with Kerberos support for RHEL 4.7) i386/x86_64. It works so --> VERIFIED
Fixed and verified; closing.