
LightWave Client: CLIENT may send an invalid Authorization header when a cached connection is reset by the web service provider

Summary

An issue exists in the CLIENT process which may cause the HTTP "Authorization" header to be corrupted. The corruption is indicated by a header value that is filled with the 'Z' or 'f' character. When this occurs, the web service will typically return a 401 or 400 error on a request that should normally succeed.

Advisory Release Date

September 5, 2020

Affected Versions

  • 1.0.4+
  • 1.1.0+

Fixed Versions

  • 1.1.0.1
  • 1.1.2.1
  • 1.2.0+

Background

This issue may occur in the following scenario:

  1. In order to improve performance, the CLIENT process maintains an internal pool of persistent connections to the web service provider. The web service provider may terminate these connections at any time.
  2. Under certain conditions, the CLIENT process may attempt to reuse one of these pooled connections before receiving an indication from the TCP/IP stack or HTTP protocol that the connection has been terminated.
  3. The CLIENT process determines that the connection has been terminated when the send request fails, disposes of the existing connection, and creates a new connection.
  4. When disposing of the existing connection, the value of the Authorization header is sanitized. When the request is retried on the new connection, CLIENT sends the Authorization header with the sanitized value instead of the correct value.
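The sequence above can be reproduced in a small model. The following is an added example, not NuWave's code: every name in it is hypothetical, and it assumes the connection shares the request's header buffer, which the advisory does not state. It shows the retry sending the scrubbed value, the same retry with a per-connection copy, and a check a web service operator could apply to received header values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of the retry path; all names here are assumptions. */
typedef struct { int alive; char *auth; } conn_t;

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    return strcpy(p, s);
}

/* Overwrite the credential the connection holds before releasing it. */
static void conn_dispose(conn_t *c, int owns_auth) {
    memset(c->auth, 'Z', strlen(c->auth));  /* 'Z' fill, as the advisory reports */
    if (owns_auth) free(c->auth);
    c->auth = NULL; c->alive = 0;
}

/* A send on a connection the peer has already reset fails with -1. */
static int conn_send(const conn_t *c, char *wire, size_t n) {
    if (!c->alive) return -1;
    snprintf(wire, n, "Authorization: %s", c->auth);
    return 0;
}

/* private_copy == 0: the connection aliases the request's header buffer (bug).
 * private_copy == 1: the connection scrubs only its own copy (fix). */
int send_with_retry(const char *cred, int private_copy, char *wire, size_t n) {
    char *hdr = dup_str(cred);                            /* request-level value */
    conn_t c = { 0, private_copy ? dup_str(hdr) : hdr };  /* pooled, already reset */
    int rc = conn_send(&c, wire, n);
    if (rc != 0) {                                        /* reset seen on send */
        conn_dispose(&c, private_copy);
        c.alive = 1;                                      /* new connection */
        c.auth = private_copy ? dup_str(hdr) : hdr;
        rc = conn_send(&c, wire, n);                      /* retry */
    }
    conn_dispose(&c, private_copy);
    memset(hdr, 'Z', strlen(hdr));                        /* scrub request copy last */
    free(hdr);
    return rc;
}

/* Server-side check: 1 if a header value is one repeated 'Z' or 'f'. */
int looks_sanitized(const char *v) {
    if (*v != 'Z' && *v != 'f') return 0;
    return v[strspn(v, *v == 'Z' ? "Z" : "f")] == '\0';
}
```

In this model both calls return 0 because the send itself succeeds; only the header value differs, which is why the failure surfaces as a 401 or 400 from the web service rather than as a client-side error.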

Status

A hotfix is available for this issue for the following releases:

  • 1.1.0
  • 1.1.2

Once the hotfix is installed, the issue will not occur.

Note that this hotfix is only for the releases listed. If you would like a hotfix prepared for another release, please open a support case and let us know the release you're using.

Hotfix Installation

Install the hotfix by following these steps:

  1. Download the hotfix PAK file using the link below and transfer the file to your NonStop system using binary transfer.
  2. Unpak the hotfix PAK file, which contains the following file:
    • CLIENT - The CLIENT process program file.
  3. Stop any existing CLIENT processes.
  4. Replace the existing CLIENT program file with the hotfix CLIENT program file.
  5. Restart the CLIENT processes.

The VPROC for this hotfix is:

  • 1.1.0.1
    • TNS/E - T0000H06_05SEP2020_NuWave_LWC_1_1_0_1_H_9fe15b87
    • TNS/X - T0000L06_05SEP2020_NuWave_LWC_1_1_0_1_H_9fe15b87
  • 1.1.2.1
    • TNS/E - T0000H06_17SEP2020_NuWave_LWC_1_1_2_1_H_988a5ff2
    • TNS/X - T0000L06_17SEP2020_NuWave_LWC_1_1_2_1_H_988a5ff2

