hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "He Xiaoqiao (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-13668) FSPermissionChecker may throws AIOOE when check if inode has permission
Date Sun, 10 Jun 2018 06:40:00 GMT
He Xiaoqiao created HDFS-13668:
----------------------------------

             Summary: FSPermissionChecker may throws AIOOE when check if inode has permission
                 Key: HDFS-13668
                 URL: https://issues.apache.org/jira/browse/HDFS-13668
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: namenode
    Affects Versions: 3.1.0, 2.10.0, 2.7.7
            Reporter: He Xiaoqiao
            Assignee: He Xiaoqiao


{{FSPermissionChecker}} may throw {{ArrayIndexOutOfBoundsException:0}} when check if has permission,
since it only check inode's {{aclFeature}} if null or not but not check it's entry size. When
it meets {{aclFeature}} not null but it's entry size equal to 0, it will throw AIOOE.
{code:java}
private boolean hasPermission(INodeAttributes inode, FsAction access) {
  ......
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // It's possible that the inode has a default ACL but no access ACL.
    int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      return hasAclPermission(inode, access, mode, aclFeature);
    }
  }
  ......
}
{code}

Actually if use default {{INodeAttributeProvider}}, it can ensure that when {{inode}}'s aclFeature
is not null and it's entry size also will be greater than 0, but {{INodeAttributeProvider}}
is a public interface, we could not ensure external implement (e.g. Apache Sentry, Apache
Ranger) also has the similar constraint. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message