905834 – Password decryption failures due to threading synchronization issue

Bug 905834 - Password decryption failures due to threading synchronization issue

Summary: Password decryption failures due to threading synchronization issue

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	3.1.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.2.0
Assignee:	Alon Bar-Lev
QA Contact:	Tareq Alayan
Docs Contact:
URL:
Whiteboard:	infra
Depends On:
Blocks:	915537 949681
TreeView+	depends on / blocked

Reported:	2013-01-30 09:39 UTC by Alon Bar-Lev
Modified:	2016-02-10 19:02 UTC (History)
CC List:	14 users (show)
Fixed In Version:	sf8
Doc Type:	Bug Fix
Doc Text:	Unsafe usage of the base64 decoder class caused the decryption buffer to become corrupted, producing "failed to decrypt" error messages on hosts with power management configured. This update removes unsafe and unnecessary encoding classes, so the decryption errors no longer appear.
Clone Of:
Clones:	949681 (view as bug list)
Environment:
Last Closed:
oVirt Team:	Infra
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	382343	None	None	None	Never
oVirt gerrit	11495	None	None	None	Never
oVirt gerrit	11497	None	None	None	Never
oVirt gerrit	11498	None	None	None	Never
oVirt gerrit	11596	None	None	None	Never

Description Alon Bar-Lev 2013-01-30 09:39:55 UTC

The engine is regularity decrypts passwords stored in vdc_options.

Due to a unsafe usage of the base64 decoder class the decryption buffer is corrupted.

Evidence of corruption[1], including:
---
2013-01-28 13:13:40,483 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-23) Failed to decrypt Data must not be longer than 256 bytes
2013-01-28 13:13:52,747 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-81) Failed to decrypt Data must not be longer than 256 bytes
---

[1] http://www.mail-archive.com/users@ovirt.org/msg06011.html

Comment 1 Alon Bar-Lev 2013-01-30 09:41:59 UTC

PM/QA when flagged, please also state if you wish to backport to 3.1.z as well.

Comment 3 Itamar Heim 2013-01-30 23:06:17 UTC

proposing to 3.1.z, as this was seen in the field as well.

Comment 12 Tareq Alayan 2013-03-22 07:35:48 UTC

looked for the error in several 3.2 engine.logs and per comment 10, i am putting this bug to verified.

Comment 18 Itamar Heim 2013-06-11 08:26:15 UTC

3.2 has been released

Comment 19 Itamar Heim 2013-06-11 08:26:28 UTC

3.2 has been released

Note You need to log in before you can comment on or make changes to this bug.