[haiku-bugs] [Haiku] #10931: Services Kit: No locking around access to HTTP context information such as authentication

  • From: "stippi" <trac@xxxxxxxxxxxx>
  • Date: Tue, 10 Jun 2014 09:19:36 -0000

#10931: Services Kit: No locking around access to HTTP context information such 
as
authentication
------------------------------+------------------------------
 Reporter:  stippi            |        Owner:  axeld
     Type:  bug               |       Status:  new
 Priority:  high              |    Milestone:  R1
Component:  Kits/Network Kit  |      Version:  R1/Development
 Keywords:                    |   Blocked By:
 Blocking:                    |  Has a Patch:  0
 Platform:  All               |
------------------------------+------------------------------
 As time permits, I am trying to give the HTTP portion of the Services Kit
 a code review. Since I am not sure whether I find the time to investigate
 the problems I find more closely, or even fix them, I want to document my
 findings.

 I think I have found one serious problem so far: There seems to be no
 locking around accessing the authentication per URL in the global HTTP
 context. This means there are several race conditions that can lead to
 memory corruption. There needs to be locking for accessing the hashmap of
 authentications per URL. And the authentication needs to be accessed via
 reference counting, so that the authentication object obtained in a HTTP
 thread can be used without the chance of it going away. This can happen
 when another HTTP thread replaces the authentication for a given URL. The
 old one needs to stay valid until all references are released.

--
Ticket URL: <https://dev.haiku-os.org/ticket/10931>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.

Other related posts: