Bug 905834 - Password decryption failures due to threading synchronization issue
Password decryption failures due to threading synchronization issue
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
3.1.2
Unspecified Unspecified
unspecified Severity high
: ---
: 3.2.0
Assigned To: Alon Bar-Lev
Tareq Alayan
infra
: ZStream
Depends On:
Blocks: 915537 949681
  Show dependency treegraph
 
Reported: 2013-01-30 04:39 EST by Alon Bar-Lev
Modified: 2016-02-10 14:02 EST (History)
14 users (show)

See Also:
Fixed In Version: sf8
Doc Type: Bug Fix
Doc Text:
Unsafe usage of the base64 decoder class caused the decryption buffer to become corrupted, producing "failed to decrypt" error messages on hosts with power management configured. This update removes unsafe and unnecessary encoding classes, so the decryption errors no longer appear.
Story Points: ---
Clone Of:
: 949681 (view as bug list)
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 382343 None None None Never
oVirt gerrit 11495 None None None Never
oVirt gerrit 11497 None None None Never
oVirt gerrit 11498 None None None Never
oVirt gerrit 11596 None None None Never

  None (edit)
Description Alon Bar-Lev 2013-01-30 04:39:55 EST
The engine is regularity decrypts passwords stored in vdc_options.

Due to a unsafe usage of the base64 decoder class the decryption buffer is corrupted.

Evidence of corruption[1], including:
---
2013-01-28 13:13:40,483 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-23) Failed to decrypt Data must not be longer than 256 bytes
2013-01-28 13:13:52,747 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-81) Failed to decrypt Data must not be longer than 256 bytes
---

[1] http://www.mail-archive.com/users@ovirt.org/msg06011.html
Comment 1 Alon Bar-Lev 2013-01-30 04:41:59 EST
PM/QA when flagged, please also state if you wish to backport to 3.1.z as well.
Comment 3 Itamar Heim 2013-01-30 18:06:17 EST
proposing to 3.1.z, as this was seen in the field as well.
Comment 12 Tareq Alayan 2013-03-22 03:35:48 EDT
looked for the error in several 3.2 engine.logs and per comment 10, i am putting this bug to verified.
Comment 18 Itamar Heim 2013-06-11 04:26:15 EDT
3.2 has been released
Comment 19 Itamar Heim 2013-06-11 04:26:28 EDT
3.2 has been released

Note You need to log in before you can comment on or make changes to this bug.