< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] What to do about missing auth tags?


Jason Fischl wrote:

On 9/28/05, bcampen <bcampen@xxxxxxxxxxxx> wrote:
   When Auth.cxx can't find an auth tag, it throws an exception, which
the various authentication functions in Helper.cxx do not catch (in
fact, this exception will make it all the way back up to DumThread
before it is caught.) I want to fix this, although I want to hear back
about whether this should be caught in Helper, or higher up in
ServerAuthManager::handle(msg). I think sending a 400 if something goes
wrong in handle() is a bit presumptuous, so it looks like it would be
more correct to catch the problem in Helper, and return BadlyFormed.
Maybe we should also put a try block around handle() that will send a
500 response if some unknown thing goes wrong. Anyone have an opinion on
this?


The user of Auth needs to check if the auth tag exists before trying
to access it. This way no exception will ever get thrown.
Okay, so I should be putting the check in Helper (it doesn't check for cnonce, nc, or uri before trying to use them.)

Regards,
Byron Campen