accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Allen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-1987) Incorrect handling of auth byte sequences in TabletServer
Date Mon, 09 Dec 2013 16:14:06 GMT
Michael Allen created ACCUMULO-1987:
---------------------------------------

             Summary: Incorrect handling of auth byte sequences in TabletServer
                 Key: ACCUMULO-1987
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1987
             Project: Accumulo
          Issue Type: Bug
    Affects Versions: 1.6.0
            Reporter: Michael Allen


In TabletServer.java: 667

return security.userHasAuthorizations(credentials, Collections.<ByteBuffer> singletonList(ByteBuffer.wrap(****auth.getBackingArray()****)));

(Emphasis mine obviously)

That getBackingArray() will return the whole array even when the auth object has limits set
upon it.  That has the effect of passing labels to userHasAuthorization() that are incorrect.
 For instance, if your label expression has & and | in it, it will pass the entire string
as the label string, as opposed to just one part of it in certain parts of the parsing.

The fix is to also use the auth.offset() and auth.length() parameters when building the ByteBuffer.
 Patch coming.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Mime
View raw message