https://issues.apache.org/bugzilla/show_bug.cgi?id=54521
Bug ID: 54521
Summary: DigestAuthenticator: nonceCountValid() fails in case of simultaneous asynchronous requests of the same client
Product: Tomcat 7
Version: 7.0.35
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: sven.stie...@traveltainment.de
Classification: Unclassified

Concerned components:
org.apache.catalina.authenticator.DigestAuthenticator
org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo

Scenario:
A multithreaded client sends two requests within one millisecond. The DigestAuthenticator creates a nonce as well as a NonceInfo instance for each request. The two nonces are equal, as they were created within the same millisecond. When writing data into the cache (method generateNonce()), the second NonceInfo instance overwrites the first one (same key!).

Problem:
The two client threads then each send a second request with a digest authentication header. In both requests, "nc" (nonce count) equals "1", as the nonce has been newly created. In the NonceInfo of the first request, array "seen" is set to "true" for index ((nonceCount + offset) % seen.length). In the second request the same NonceInfo instance is used, as the instance is retrieved from map "nonces" using "nonce" as the key, that is, the same key is used in both requests. Consequently, method "nonceCountValid()" returns "false", as seen[(nonceCount + offset) % seen.length] has already been set to "true". Therefore the authentication fails, although the client has sent a valid digest authentication header.

Conclusion:
Working with multi-threaded clients with many requests, digest authentication does not function reliably.
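The failure mode described in the report, as an added illustration that is not part of the bug report and not Tomcat's own code: a simplified model of a Digest nonce cache in which each nonce maps to a replay-detection window ("seen" array indexed by nonce count, as the reporter describes). The model assumes, as the report implies, that the nonce is derived from the current millisecond and the client address, so two challenges issued in the same millisecond collide on the same cache key and the second client's first use of nc=1 is rejected as a replay. For contrast, the same scenario is run with a nonce that also carries a random per-generation component, which keeps the two NonceInfo entries distinct. The random component is shown only as one way to avoid the collision; it is not a claim about how the project fixed the bug. The field names, the fixed window size and the timestamp value are assumptions of this example.

```python
import hashlib
import secrets


class NonceInfo:
    """Replay-detection state for one server nonce.

    Simplified model of the 'seen' array mentioned in the report: index
    (nc + offset) % len(seen) is marked once a nonce count has been used.
    The sliding-window bookkeeping of a real implementation is omitted and
    offset is kept at 0 (assumption of this example).
    """

    def __init__(self, window: int = 100) -> None:
        self.seen = [False] * window
        self.offset = 0

    def nonce_count_valid(self, nc: int) -> bool:
        idx = (nc + self.offset) % len(self.seen)
        if self.seen[idx]:
            return False  # this nc was already used with this nonce: replay
        self.seen[idx] = True
        return True


class DigestNonceCache:
    """Maps nonce -> NonceInfo, as the report's 'nonces' map does."""

    def __init__(self, nonce_fn) -> None:
        self.nonces: dict[str, NonceInfo] = {}
        self._nonce_fn = nonce_fn

    def generate_nonce(self, now_ms: int, client_ip: str) -> str:
        nonce = self._nonce_fn(now_ms, client_ip)
        # A colliding key silently replaces the earlier NonceInfo (the report's point).
        self.nonces[nonce] = NonceInfo()
        return nonce

    def check(self, nonce: str, nc: int) -> bool:
        info = self.nonces.get(nonce)
        if info is None:
            return False  # unknown or expired nonce
        return info.nonce_count_valid(nc)


def millisecond_nonce(now_ms: int, client_ip: str) -> str:
    """Assumed weak scheme: the same millisecond and client give the same nonce."""
    return hashlib.sha256(f"{now_ms}:{client_ip}".encode()).hexdigest()


def unique_nonce(now_ms: int, client_ip: str) -> str:
    """Same inputs plus a random component, so two generations never share a key."""
    rand = secrets.token_hex(16)
    return hashlib.sha256(f"{now_ms}:{client_ip}:{rand}".encode()).hexdigest()


def simulate_two_threads(nonce_fn, now_ms: int = 1_700_000_000_000,
                         client_ip: str = "192.0.2.10"):
    """Two client threads are challenged in the same millisecond, then each
    replies with its own nonce and nc=1. Returns (nonces_collided, first_ok, second_ok)."""
    cache = DigestNonceCache(nonce_fn)
    nonce_a = cache.generate_nonce(now_ms, client_ip)
    nonce_b = cache.generate_nonce(now_ms, client_ip)
    first_ok = cache.check(nonce_a, 1)
    second_ok = cache.check(nonce_b, 1)
    return nonce_a == nonce_b, first_ok, second_ok


def replay_is_rejected(nonce_fn) -> bool:
    """A genuine replay (same nonce, same nc twice) must still be refused."""
    cache = DigestNonceCache(nonce_fn)
    nonce = cache.generate_nonce(1_700_000_000_000, "192.0.2.10")
    return cache.check(nonce, 1) and not cache.check(nonce, 1)


if __name__ == "__main__":
    print("millisecond nonce:", simulate_two_threads(millisecond_nonce))
    print("unique nonce:     ", simulate_two_threads(unique_nonce))
```

With the millisecond-derived nonce the two threads' nonces are identical, the second NonceInfo overwrites the first, and the second thread's legitimate nc=1 is refused; with a per-generation random component both requests are accepted while a real replay of the same (nonce, nc) pair is still rejected.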