Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
3.4.0
-
Reviewed
Description
What happened
There is no value checking for parameter zk-dt-secret-manager.zkNumRetries. This may cause improper calculations and crashes the system like division by 0.
Buggy code
In ZKDelegationTokenSecretManager.java, there is no value checking for numRetries which is passed directly in RetryNTimes constructor. When numRetries is mistakenly set to 0, the code would cause division by 0 and throw ArithmeticException to crash the system.
public ZKDelegationTokenSecretManager(Configuration conf) {
...
int numRetries =
conf.getInt(ZK_DTSM_ZK_NUM_RETRIES, ZK_DTSM_ZK_NUM_RETRIES_DEFAULT);
builder =
...
.retryPolicy(
new RetryNTimes(numRetries, sessionT / numRetries));
...
How to reproduce
- set zk-dt-secret-manager.zkNumRetries=0
- run org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations
- You will see the following stack trace.
java.lang.RuntimeException: Could not Load ZK acls or auth: java.lang.ArithmeticException: / by zero at org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.<init>(ZKDelegationTokenSecretManager.java:227) at org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager.<init>(DelegationTokenManager.java:99) at org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.<init>(DelegationTokenManager.java:120) at org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations(TestZKDelegationTokenSecretManager.java:113) ...
For an easy reproduction, run the reproduce.sh in the attachment. We are happy to provide a patch if this issue is confirmed.
Attachments
Attachments
Issue Links
- links to