000022337 - How to store data in CT_USER_DATA for retrieval in Web Agent Extension (WAX) code when using RSA ClearTrust Agent 4.6 for Apache

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022337
Applies ToRSA ClearTrust Agent 4.6 for Apache 2.0.x
IBM AIX 5.x
Sun Solaris 2.8
SuSE Linux 8.0
RSA ClearTrust Web Agent Extension (WAX) API
IssueHow to store data in CT_USER_DATA for retrieval in Web Agent Extension (WAX) code when using RSA ClearTrust Agent 4.6 for Apache
CT_USER_DATA field losing null termination in RSA ClearTrust Agent 4.6 for Apache
User data retrieved from the CT_USER_DATA field in RSA ClearTrust Agent 4.6 for Apache following cookie retrieval of the token has trailing garbage up to some multiple of 4 that is higher than the length of the user data
CauseIn the WAX API for RSA ClearTrust Agent 4.6 for Apache, the field CT_USER_DATA_LEN was deprecated; instead, null termination of the string put into CT_USER_DATA acts as the delimiter. When CT_USER_DATA is added to the token, a byte-aligned buffer is allocated that is larger than the null-terminated string. Null termination is removed while copying the string, causing the retrieved string to be the length of the buffer.
ResolutionThis issue is resolved in hot fix 4.6.0.77 for RSA ClearTrust Agent 4.6 for Apache by correcting the defect in stripping in null termination from the user data. Contact RSA Security Customer Support to request this hot fix, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels). Review the provided Readme file for installation instructions.
Legacy Article IDa27996

Attachments

    Outcomes