[HADOOP-11014] Potential resource leak in JavaKeyStoreProvider due to unclosed stream - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.7.0
Component/s: security
Labels:
None

Target Version/s:

2.7.0
Hadoop Flags:

Reviewed

Description

From hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java :

  private void writeToNew(Path newPath) throws IOException {
    FSDataOutputStream out =
        FileSystem.create(fs, newPath, permissions);
    try {
      keyStore.store(out, password);
    } catch (KeyStoreException e) {
      throw new IOException("Can't store keystore " + this, e);
    } catch (NoSuchAlgorithmException e) {
      throw new IOException(
          "No such algorithm storing keystore " + this, e);
    } catch (CertificateException e) {
      throw new IOException(
          "Certificate exception storing keystore " + this, e);
    }
    out.close();

IOException is not among the catch blocks.
According to http://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#store(java.io.OutputStream,%20char[]), IOException may be thrown from the store() call. In that case, out would be left unclosed.

In loadFromPath():

    keyStore.load(fs.open(p), password);

The InputStream should be closed upon return from load()

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11014.1.patch
28/Aug/14 02:14
1 kB
Tsuyoshi Ozawa
HADOOP-11014.2.patch
28/Aug/14 02:20
2 kB
Tsuyoshi Ozawa
HADOOP-11014.3.patch
28/Aug/14 02:31
5 kB
Tsuyoshi Ozawa
HADOOP-11014.4.patch
19/Mar/15 18:20
5 kB
Tsuyoshi Ozawa

Activity

People

Assignee:: Tsuyoshi Ozawa

Reporter:: Ted Yu

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 28/Aug/14 00:53

Updated:: 10/Apr/15 20:04

Resolved:: 25/Mar/15 08:03