Observed Buffer Corruption in Tuxedo Sever Only on HP-UX Env When Length Is 232 Or High
(Doc ID 2302353.1)
Last updated on SEPTEMBER 19, 2023
Applies to:
Oracle Service Architecture Leveraging Tuxedo (SALT) - Version 12.1.3 and laterInformation in this document applies to any platform.
Symptoms
On SALT 12.1.3 version, data corruption happen when the string is grater then 232 characters, the following error occurs only on HP-UX.
STEPS
-----------------------
The issue can be reproduced at will with the following steps:
Server side:
===========
1. Setup the environment as per sample $TUXDIR/samples/salt/secsapp
2. In UBB comment the default AUTHSVR and configure AUTHSVR_SALT custom
server complete UBB is attached:
*RESOURCES
SECURITY USER_AUTH
AUTHSVC "AUTHSVC_SALT"
*SERVERS
AUTHSVR_SALT SRVGRP=WSGRP
SRVID=100
CLOPT="-A"
3. Build the custom AUTH serevr 'AUTHSVR_SALT' source code 'AUTHSVR.c' is attached. This code just read the user and password from buffer and print on ULOG like below:
buildserver -f AUTHSVR.c -o AUTHSVR_SALT -s AUTHSVC_SALT
164708.<HOSTNAME>!GWWS.2853.2065635072.0: TRACE:ws:SCO[4095] FSM State Transition:--OK-->WSSEPolicyC
heck1
164708.<HOSTNAME>!AUTHSVR_SALT.2857.3104723392.0: User is: <USERNAME>
164708.<HOSTNAME>!AUTHSVR_SALT.2857.3104723392.0: Ticket are: <PASSWORD>
164708.<HOSTNAME>!AUTHSVR_SALT.2857.3104723392.0: Clientname is: GWWSCLIENT
164708.<HOSTNAME>!GWWS.2853.2065635072.0: TRACE:ws:SCO[4095] FSM State Transition: --OK-->WSRMHandle1
4. Boot the server by 'tmboot -y'
5. Generate the WSDL file using the follwing command:
tmwsdlgen -c secsapp.wsdf -o stockapp.wsdl
Client side:
============
6. On client side use SoapUI configure the Authentication I have provided the screenshot:
A. Add the attached WSDL 'stockapp.wsdl' which is created from secsapp server application.
B. Select Auth tab on bottom left of SOAP Request window.
C. In authorization drop down list, choose "Add new ..." and then Choose "basic .."
D. In Pre-emptive auth choose "authenticate pre-emptively"
E. Provide Username and Password
If the Password is set below 232 character then there is no issue, if it more then 232 then password printed in ULOG "Ticket are" which is junk, provided output from customer environment:
125818.u30904!GWWS.28330.5.0: TRACE:ws:GWWS_CAT:1605: TRACE: Exiting <TRACE_FSM>
125818.u30904!GWWS.28330.5.0: TRACE:ws:GWWS_CAT:1609: TRACE: :::<GW_GET_ALL_RDOM>:::enforcement check completed
125818.u30904!GWWS.28330.1.0: ERROR: _ecc_encrypt_custom error code -3
125818.u30904!AUTHSVR_SALT.6195.1.0: User is: <USERNAME>
125818.u30904!AUTHSVR_SALT.6195.1.0: Ticket are:
÷6REFtÚUg´øÖ$ét<oÍd^¤lá#ii)9nINT?'Ü+Aõk{ LTfâåA÷ÖOY?a4læûUÎ
$E'áuMA?øåsUãü2 ebÃft^YEBÔÐÍui2k~wYn¨)ÜÍqbF"6hÐZy
ldãUÚî!nöVe2EÁO¤5R!Kd8a.Î×ITAuNdgBô¯d´uúhuS?3e_Ømúõ.¿?pBLØ]%Dë
125818.u30904!AUTHSVR_SALT.6195.1.0: Clientname is: GWWSCLIENT
125818.u30904!GWWS.28330.5.0: TRACE:ws:GWWS_CAT:1610: TRACE: :::<GW_GET_ALL_RDOM>:::authentication completed
125818.u30904!GWWS.28330.5.0: TRACE:ws:GWWS_CAT:1605: TRACE: Exiting
Environment:
wsadmin -v
INFO: Oracle SALT, Version 12.1.3.0.0, 64-bit, Patch Level 018
INFO: Oracle Tuxedo, Version 12.1.3.0.0, 64-bit, Patch Level 055
OS: HP-UX Itanium V 11.31
Issue is observed in HP-UX environment, on OEL 6 this issue is not happening.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |