Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11014

Potential resource leak in JavaKeyStoreProvider due to unclosed stream

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.7.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      From hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java :

        private void writeToNew(Path newPath) throws IOException {
          FSDataOutputStream out =
              FileSystem.create(fs, newPath, permissions);
          try {
            keyStore.store(out, password);
          } catch (KeyStoreException e) {
            throw new IOException("Can't store keystore " + this, e);
          } catch (NoSuchAlgorithmException e) {
            throw new IOException(
                "No such algorithm storing keystore " + this, e);
          } catch (CertificateException e) {
            throw new IOException(
                "Certificate exception storing keystore " + this, e);
          }
          out.close();
      

      IOException is not among the catch blocks.
      According to http://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#store(java.io.OutputStream,%20char[]), IOException may be thrown from the store() call. In that case, out would be left unclosed.

      In loadFromPath():

          keyStore.load(fs.open(p), password);
      

      The InputStream should be closed upon return from load()

        Attachments

        1. HADOOP-11014.4.patch
          5 kB
          Tsuyoshi Ozawa
        2. HADOOP-11014.3.patch
          5 kB
          Tsuyoshi Ozawa
        3. HADOOP-11014.2.patch
          2 kB
          Tsuyoshi Ozawa
        4. HADOOP-11014.1.patch
          1 kB
          Tsuyoshi Ozawa

          Activity

            People

            • Assignee:
              ozawa Tsuyoshi Ozawa
              Reporter:
              yuzhihong@gmail.com Ted Yu
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: