Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-22841

ThriftHttpServlet#getClientNameFromCookie should handle CookieSigner IllegalArgumentException on invalid cookie signature

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 4.0.0-alpha-1
    • HiveServer2
    • None

    Description

      Currently CookieSigner throws an IllegalArgumentException if the cookie signature is invalid.

      if (!MessageDigest.isEqual(originalSignature.getBytes(), currentSignature.getBytes())) {
            throw new IllegalArgumentException("Invalid sign, original = " + originalSignature +
              " current = " + currentSignature);
          }
      

      CookieSigner is only used in the ThriftHttpServlet#getClientNameFromCookie and doesn't handle the IllegalArgumentException. It is only checking if the value from the cookie is null or not.

      https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java#L295

            currValue = signer.verifyAndExtract(currValue);
            // Retrieve the user name, do the final validation step.
            if (currValue != null) {
      

      This should be fixed to either:
      a) Have CookieSigner not return an IllegalArgumentException
      b) Improve ThriftHttpServlet to handle CookieSigner throwing an IllegalArgumentException

      Attachments

        1. HIVE-22841.3.patch
          21 kB
          Kevin Risden
        2. HIVE-22841.2.patch
          21 kB
          Kevin Risden
        3. HIVE-22841.1.patch
          20 kB
          Kevin Risden

        Issue Links

          Activity

            People

              krisden Kevin Risden
              krisden Kevin Risden
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: