  1. Hive
  2. HIVE-22073

SQL Injection in TxnHandler#enqueueLockWithRetry


Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • 3.1.1
    • None
    • None
    • None

    Description

      The org.apache.hadoop.hive.metastore.txn.TxnHandler#enqueueLockWithRetry method gets called for the Thrift lock API call with input passed from the user.

      Within that method, SQL injection is possible:

      https://github.com/apache/hive/blob/774a8ef7a6e92c8a43cad2fa66bd944e666f75f0/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/txn/TxnHandler.java#L1987-L1991

      for example, when the partition name contains an apostrophe.

       

      Impact:

      • vulnerability: privilege escalation possible
      • availability: user cannot query ACID table where string/varchar partition key contains an apostrophe
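
The failure mode described in this report, as an added example that is not code from Hive or from the reporter: a lock-enqueue insert built by string concatenation next to the same insert with bound parameters. The `demo_locks` table, the function names and the sample partition value are constructed for illustration, and an in-memory SQLite database stands in for the metastore's backing database.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the metastore backing database (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE demo_locks (lock_id INTEGER, db TEXT, tbl TEXT, part TEXT)")
    return conn

def enqueue_lock_concat(conn, lock_id, db, tbl, part):
    """Pattern the report describes: caller-supplied names spliced into the SQL text."""
    sql = ("INSERT INTO demo_locks (lock_id, db, tbl, part) VALUES ("
           + str(int(lock_id)) + ", '" + db + "', '" + tbl + "', '" + part + "')")
    conn.execute(sql)

def enqueue_lock_bound(conn, lock_id, db, tbl, part):
    """Same insert with bound parameters: the values never become SQL syntax."""
    conn.execute(
        "INSERT INTO demo_locks (lock_id, db, tbl, part) VALUES (?, ?, ?, ?)",
        (int(lock_id), db, tbl, part),
    )

def try_enqueue(fn, conn, *args):
    """Return 'ok' or the database error text so both outcomes can be compared."""
    try:
        fn(conn, *args)
        return "ok"
    except sqlite3.Error as exc:
        return f"error: {exc}"

def stored_partitions(conn):
    """Partition names as stored, in lock_id order."""
    return [row[0] for row in conn.execute("SELECT part FROM demo_locks ORDER BY lock_id")]

# Constructed sample: a string partition key whose value contains an apostrophe.
SAMPLE_PARTITION = "city=L'Aquila"

if __name__ == "__main__":
    conn = make_db()
    # Concatenation: the apostrophe ends the string literal early and the statement fails.
    print("concatenated:", try_enqueue(enqueue_lock_concat, conn, 1, "default", "acid_t", SAMPLE_PARTITION))
    # Bound parameters: the same value is stored verbatim.
    print("bound:       ", try_enqueue(enqueue_lock_bound, conn, 2, "default", "acid_t", SAMPLE_PARTITION))
    print("stored:", stored_partitions(conn))
```

The statement failure in the concatenated variant corresponds to the availability impact listed above; the bound variant treats the partition name purely as data.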

       

       

       


            People

              Unassigned Unassigned
              findepi Piotr Findeisen