Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 93CD118F71 for ; Fri, 4 Mar 2016 12:59:41 +0000 (UTC) Received: (qmail 72425 invoked by uid 500); 4 Mar 2016 12:59:41 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 72262 invoked by uid 500); 4 Mar 2016 12:59:41 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 71902 invoked by uid 99); 4 Mar 2016 12:59:41 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Mar 2016 12:59:41 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id D16922C1F6B for ; Fri, 4 Mar 2016 12:59:40 +0000 (UTC) Date: Fri, 4 Mar 2016 12:59:40 +0000 (UTC) From: "Sean Busbey (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HADOOP-12869) CryptoInputStream#read() may return incorrect result MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-12869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sean Busbey updated HADOOP-12869: --------------------------------- Target Version/s: 3.0.0, 2.7.3, 2.6.5 (was: 3.0.0) > CryptoInputStream#read() may return incorrect result > ---------------------------------------------------- > > Key: HADOOP-12869 > URL: https://issues.apache.org/jira/browse/HADOOP-12869 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.6.0, 2.7.0, 3.0.0 > Reporter: Dapeng Sun > Assignee: Dapeng Sun > Priority: Critical > Attachments: HADOOP-12869.001.patch, HADOOP-12869.002.patch > > > Here is the comment of {{FilterInputStream#read()}}: > {noformat} > /** > * Reads the next byte of data from this input stream. The value > * byte is returned as an int in the range > * 0 to 255. If no byte is available > * because the end of the stream has been reached, the value > * -1 is returned. This method blocks until input data > * is available, the end of the stream is detected, or an exception > * is thrown. > *

> * This method > * simply performs in.read() and returns the result. > * > * @return the next byte of data, or -1 if the end of the > * stream is reached. > * @exception IOException if an I/O error occurs. > * @see java.io.FilterInputStream#in > */ > public int read() throws IOException { > return in.read(); > } > {noformat} > Here is the implementation of {{CryptoInputStream#read()}} in Hadoop Common: > {noformat} > @Override > public int read() throws IOException { > return (read(oneByteBuf, 0, 1) == -1) ? -1 : (oneByteBuf[0] & 0xff); > } > {noformat} > The return value of {{read(oneByteBuf, 0, 1)}} maybe 1, -1 and 0: > For {{1}}: we should return the content of {{oneByteBuf}} > For {{-1}}: we should return {{-1}} to stand for the end of stream > For {{0}}: it means we didn't get decryption data back and it is not the end of the stream, we should continue to decrypt the stream. But it return {{0}} on {{read()}} in current implementation, it means the decrypted content is {{0}} and it is incorrect. -- This message was sent by Atlassian JIRA (v6.3.4#6332)