Uploaded image for project: 'JBoss Remoting (3+)'
  1. JBoss Remoting (3+)
  2. REM3-344

ConnectionPeerIdentityContext Doesn't Clean Up authMap Entry if SaslClient is null, Which Leaks Memory

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 5.0.15.Final
    • 5.0.14.Final
    • None
    • Hide

      I discovered this bug while doing remote ejbs from an EAP 7.2.3 web node to a cluster of backend nodes, and it appears to be exposed by a potential bug in upstream code, but since those reproduction steps are complicated and not immediately applicable to this project, we will just state the relevant bits:

      • Pass an AuthenticationConfiguration to the ConnectionPeerIdentityContext.authenticate method which will result in a SaslClient not being able to be created (client.createSaslClient returns null)
        • The example case that I ran into was that the ConnectionPeerIdentityContext only had a DIGEST-MD5 offeredMechanisms and the principal specified in the AuthenticationConfiguration was anonymous. Since DIGEST-MD5 inherently requires credentials and anonymous can't give them, no SaslClient can be constructed.
      • The authMap entry gets leaked
      Show
      I discovered this bug while doing remote ejbs from an EAP 7.2.3 web node to a cluster of backend nodes, and it appears to be exposed by a potential bug in upstream code, but since those reproduction steps are complicated and not immediately applicable to this project, we will just state the relevant bits: Pass an AuthenticationConfiguration to the ConnectionPeerIdentityContext.authenticate method which will result in a SaslClient not being able to be created (client.createSaslClient returns null) The example case that I ran into was that the ConnectionPeerIdentityContext only had a DIGEST-MD5 offeredMechanisms and the principal specified in the AuthenticationConfiguration was anonymous. Since DIGEST-MD5 inherently requires credentials and anonymous can't give them, no SaslClient can be constructed. The authMap entry gets leaked

    Description

      Inside the authentication logic of ConnectionPeerIdentityContext, if a saslClient fails to be created (either createSaslClient returns null or there is a SaslException when creating the client), the authMap entry never gets cleaned up. If this happens a ton of times, significant memory leakage occurs.

      Attachments

        Issue Links

          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFCORE-4658 Upgrade jboss-remoting to 5.0.15.Final

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-17478 [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              flaviarnn Flavia Rainone
              jswett33 Joshua Swett (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: