Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.23.0
    • Fix Version/s: 2.0.0-alpha
    • Component/s: None
    • Labels: None
    • Hadoop Flags: Reviewed

      Description

      Harden serialization logic against malformed or malicious input.

      Add range checking to readVInt, to detect overflows, underflows, and larger-than-expected values.
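
The failure mode behind this change, as an added example (not code from the attached patches or from Hadoop itself): a variable-length long is narrowed to an int without a check, so an oversized length field is silently truncated, while the range-checked reader rejects it. The decoder is reimplemented here on the assumption that it follows the vlong layout of Hadoop's WritableUtils; the class name, the 1 MiB bound and the sample bytes are constructed for illustration.

```java
import java.io.*;

public class VIntRangeCheckDemo {
    // Decode a variable-length long: the first byte is either the value itself
    // or a length/sign marker followed by 1..8 big-endian magnitude bytes.
    // (Layout assumed to match Hadoop's WritableUtils; reimplemented here.)
    static long readVLong(DataInput in) throws IOException {
        byte first = in.readByte();
        if (first >= -112) return first;                 // single-byte value
        boolean negative = first < -120;
        int len = negative ? -120 - first : -112 - first; // payload byte count
        long v = 0;
        for (int i = 0; i < len; i++) v = (v << 8) | (in.readByte() & 0xFF);
        return negative ? ~v : v;
    }

    // Unchecked: the narrowing cast silently discards the high 32 bits.
    static int readVIntUnchecked(DataInput in) throws IOException {
        return (int) readVLong(in);
    }

    // Checked: reject anything outside [lower, upper] before the value is
    // used as a length, count or index.
    static int readVIntInRange(DataInput in, int lower, int upper) throws IOException {
        long n = readVLong(in);
        if (n < lower || n > upper)
            throw new IOException("vint " + n + " outside expected range [" + lower + ", " + upper + "]");
        return (int) n;
    }

    static DataInput input(int... bytes) {
        byte[] b = new byte[bytes.length];
        for (int i = 0; i < bytes.length; i++) b[i] = (byte) bytes[i];
        return new DataInputStream(new ByteArrayInputStream(b));
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: marker 0x8B (-117) => 5 payload bytes, value 2^32 + 16.
        int[] malformed = {0x8B, 0x01, 0x00, 0x00, 0x00, 0x10};
        System.out.println("unchecked: " + readVIntUnchecked(input(malformed)));
        try {
            byte[] key = new byte[readVIntInRange(input(malformed), 0, 1024 * 1024)];
            System.out.println("allocated " + key.length);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Constructed input: well-formed length 300 (marker 0x8E => 2 payload bytes).
        System.out.println("checked: " + readVIntInRange(input(0x8E, 0x01, 0x2C), 0, 1024 * 1024));
    }
}
```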

      1. HADOOP-8275.003.patch
        5 kB
        Colin Patrick McCabe
      2. HADOOP-8275.002.patch
        5 kB
        Colin Patrick McCabe
      3. HADOOP-8275.001.patch
        3 kB
        Colin Patrick McCabe

          Activity

          Gavin made changes -
          Link This issue is depended upon by HDFS-3134 [ HDFS-3134 ]
          Gavin made changes -
          Link This issue blocks HDFS-3134 [ HDFS-3134 ]
          Arun C Murthy made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Colin Patrick McCabe made changes -
          Link This issue blocks HDFS-3346 [ HDFS-3346 ]
          Eli Collins made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Target Version/s 2.0.0 [ 12320352 ]
          Fix Version/s 2.0.0 [ 12320352 ]
          Resolution Fixed [ 1 ]
          Eli Collins made changes -
          Hadoop Flags Reviewed [ 10343 ]
          Summary harden serialization logic against malformed or malicious input Range check DelegationKey length
          Colin Patrick McCabe made changes -
          Attachment HADOOP-8275.003.patch [ 12524955 ]
          Colin Patrick McCabe made changes -
          Description harden serialization logic against malformed or malicious input Harden serialization logic against malformed or malicious input.

          Add range checking to readVInt, to detect overflows, underflows, and larger-than-expected values.
          Colin Patrick McCabe made changes -
          Fix Version/s 2.0.0 [ 12320352 ]
          Target Version/s 2.0.0 [ 12320352 ]
          Colin Patrick McCabe made changes -
          Fix Version/s 2.0.0 [ 12320352 ]
          Affects Version/s 0.23.0 [ 12315569 ]
          Colin Patrick McCabe made changes -
          Attachment HADOOP-8275.002.patch [ 12522643 ]
          Aaron T. Myers made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Colin Patrick McCabe made changes -
          Link This issue blocks HDFS-3134 [ HDFS-3134 ]
          Colin Patrick McCabe made changes -
          Field Original Value New Value
          Attachment HADOOP-8275.001.patch [ 12522627 ]
          Colin Patrick McCabe created issue -

            People

            • Assignee:
              Colin Patrick McCabe
              Reporter:
              Colin Patrick McCabe
            • Votes:
              0
              Watchers:
              3
