Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11014

Potential resource leak in JavaKeyStoreProvider due to unclosed stream

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.6.0
    • 2.7.0
    • security
    • None
    • Reviewed

    Description

      From hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java :

        private void writeToNew(Path newPath) throws IOException {
          FSDataOutputStream out =
              FileSystem.create(fs, newPath, permissions);
          try {
            keyStore.store(out, password);
          } catch (KeyStoreException e) {
            throw new IOException("Can't store keystore " + this, e);
          } catch (NoSuchAlgorithmException e) {
            throw new IOException(
                "No such algorithm storing keystore " + this, e);
          } catch (CertificateException e) {
            throw new IOException(
                "Certificate exception storing keystore " + this, e);
          }
          out.close();
      

      IOException is not among the catch blocks.
      According to http://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#store(java.io.OutputStream,%20char[]), IOException may be thrown from the store() call. In that case, out would be left unclosed.

      In loadFromPath():

          keyStore.load(fs.open(p), password);
      

      The InputStream should be closed upon return from load()

      Attachments

        1. HADOOP-11014.4.patch
          5 kB
          Tsuyoshi Ozawa
        2. HADOOP-11014.3.patch
          5 kB
          Tsuyoshi Ozawa
        3. HADOOP-11014.2.patch
          2 kB
          Tsuyoshi Ozawa
        4. HADOOP-11014.1.patch
          1 kB
          Tsuyoshi Ozawa

        Activity

          People

            ozawa Tsuyoshi Ozawa
            yuzhihong@gmail.com Ted Yu
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: