hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9363) AuthenticatedURL will NPE if server closes connection
Date Tue, 05 Mar 2013 19:10:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13593781#comment-13593781
] 

Daryn Sharp commented on HADOOP-9363:
-------------------------------------

Example stack trace from 23, although the line numbers should be similar for trunk.  Problem
was found while attempting to inject faults to force acquisition of a new SPNEGO token.

In this particular case, a kerberos replay attack exception caused the server to abruptly
close the connection.  The issue could of course happen for other reasons.

{noformat}
Exception in thread "main" java.lang.RuntimeException: java.lang.NullPointerException
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1014)
	at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:2211)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:382)
	at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:251)
	at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:61)
	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:143)
	at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:217)
	at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getHttpUrlConnection(WebHdfsFileSystem.java:360)
        [....]
Caused by: java.lang.NullPointerException
	at sun.net.www.protocol.http.NegotiateAuthentication.setHeaders(NegotiateAuthentication.java:161)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1171)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)
{noformat}
                
> AuthenticatedURL will NPE if server closes connection
> -----------------------------------------------------
>
>                 Key: HADOOP-9363
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9363
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>
> A NPE occurs if the server unexpectedly closes the connection for an {{AuthenticatedURL}}
w/o sending a response.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message