[HDFS-13668] FSPermissionChecker may throws AIOOE when check inode permission - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.0, 2.10.0, 2.7.7
Fix Version/s: 3.2.0, 3.0.4, 3.1.2
Component/s: namenode
Labels:
None

Hadoop Flags:

Reviewed

Description

FSPermissionChecker may throw ArrayIndexOutOfBoundsException:0 when check if has permission, since it only check inode's aclFeature if null or not but not check it's entry size. When it meets aclFeature not null but it's entry size equal to 0, it will throw AIOOE.

private boolean hasPermission(INodeAttributes inode, FsAction access) {
  ......
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // It's possible that the inode has a default ACL but no access ACL.
    int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      return hasAclPermission(inode, access, mode, aclFeature);
    }
  }
  ......
}

Actually if use default INodeAttributeProvider, it can ensure that when inode's aclFeature is not null and it's entry size also will be greater than 0, but INodeAttributeProvider is a public interface, we could not ensure external implement (e.g. Apache Sentry, Apache Ranger) also has the similar constraint.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-13668-trunk.001.patch
10/Jun/18 06:47
5 kB
Xiaoqiao He
HDFS-13668-trunk.002.patch
09/Aug/18 05:07
5 kB
Xiaoqiao He
HDFS-13668-trunk.003.patch
10/Aug/18 10:56
5 kB
Xiaoqiao He

Activity

People

Assignee:: Xiaoqiao He

Reporter:: Xiaoqiao He

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 10/Jun/18 06:39

Updated:: 02/Oct/19 17:15

Resolved:: 13/Aug/18 09:47