Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-8275

Range check DelegationKey length

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 0.23.0
    • 2.0.0-alpha
    • None
    • None
    • Reviewed

    Description

      Harden serialization logic against malformed or malicious input.

      Add range checking to readVInt, to detect overflows, underflows, and larger-than-expected values.

      Attachments

        1. HADOOP-8275.001.patch
          3 kB
          Colin McCabe
        2. HADOOP-8275.002.patch
          5 kB
          Colin McCabe
        3. HADOOP-8275.003.patch
          5 kB
          Colin McCabe

        Issue Links

        blocks

        Test - A new unit, integration or system test. HDFS-3346 add fuzz tester for FSImage serialization / deserializtion

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Open
        is depended upon by

        Improvement - An improvement or enhancement to an existing feature or task. HDFS-3134 Harden edit log loader against malformed or malicious input

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            cmccabe Colin McCabe Assign to me
            cmccabe Colin McCabe
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment