745841 – (EDG-54) etag calculation algorithm allows collision, when two updates are performed too quickly after each other

Bug 745841 (EDG-54) - etag calculation algorithm allows collision, when two updates are performed too quickly after each other

Summary: etag calculation algorithm allows collision, when two updates are performed t...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	EDG-54
Product:	JBoss Data Grid 5
Classification:	JBoss
Component:	Infinispan
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	EAP 5.1.0 EDG TP
Assignee:	Default User
QA Contact:
Docs Contact:
URL:	http://jira.jboss.org/jira/browse/EDG-54
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-01-04 10:41 UTC by Michal Linhard
Modified:	2014-03-17 04:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-01-12 13:14:19 UTC
Type:	Bug

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	745809	1	None	None	None	2021-01-20 06:05:38 UTC
Red Hat Issue Tracker	EDG-54	0	None	None	None	Never

Internal Links: 745809

Description Michal Linhard 2011-01-04 10:41:52 UTC

project_key: EDG

affects infinispan 4.2.0.FINAL
due to a bug in my testsuite, I discovered this only now, even though I wrote a testcases for ETags sooner:

calculation of etag depends only on content type, last modified time and data length:
def calcETAG(entry: MIMECacheEntry) = new EntityTag(entry.contentType + entry.lastModified + entry.data.length)

which means that when updates are performed in same second and content type and length stays the same, the collision occurs - ETag stays the same although the values are not identical.

Comment 1 Michal Linhard 2011-01-04 10:54:13 UTC

TestCase: testETagChanges() in
https://anonsvn.jboss.org/repos/jbossas/branches/JBPAPP_5_1_datagrid/testsuite/src/main/org/jboss/test/cluster/datagrid/test/RESTClientTestCase.java

Comment 2 Galder Zamarreño 2011-01-04 11:34:46 UTC

Link: Added: This issue depends ISPN-858

Comment 3 Galder Zamarreño 2011-01-04 15:05:38 UTC

The modifications made as part of this JIRA resulted in the loss of precision. I'm going back to that JIRA to try to understand what the original issue was.

Michal, do you have the code for the test case of that original JIRA?

Comment 4 Galder Zamarreño 2011-01-04 15:05:38 UTC

Link: Added: This issue is related to JBPAPP-5262

Comment 5 Galder Zamarreño 2011-01-04 15:44:36 UTC

Right, I think I've found the original test, it's testIfUnmodifiedSince in that same file.

Comment 6 Michal Linhard 2011-01-04 16:07:07 UTC

the change in MIMECacheEntry that was part of the JBPAPP-5262:

    public MIMECacheEntry(String contentType, byte[] data) {
        this.contentType = contentType;
        this.data = data;
+++     lastModified = System.currentTimeMillis() / 1000 * 1000;
---        lastModified = System.currentTimeMillis();
    }

only made this more probable (the updates have to be more than a second apart to not collide)
without JBPAPP-5262 it would be one millisecond, but wouldn't that be still a problem ?

Comment 7 Galder Zamarreño 2011-01-04 16:52:53 UTC

Indeed it'd be a problem cos it'd be considered a weak validator as per http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3 which indicates how ETags are compared. It appears that a version ala Memcached/HotRod is needed in order to identify individual changes, regardless of the time difference.

Note You need to log in before you can comment on or make changes to this bug.