hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12869) CryptoInputStream#read() may return incorrect result
Date Fri, 04 Mar 2016 12:56:40 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15179849#comment-15179849
] 

Sean Busbey commented on HADOOP-12869:
--------------------------------------

Please add a test that shows the issue.

The docs for the [read method we call claim|https://docs.oracle.com/javase/7/docs/api/java/io/FilterInputStream.html#read(byte[],%20int,%20int)]:

{code}
public int read(byte[] b,
       int off,
       int len)
         throws IOException

Reads up to len bytes of data from this input stream into an array of bytes. If len is not
zero, the method blocks until some input is available; otherwise, no bytes are read and 0
is returned.
{code}

We pass in a len of 1. If FIS is blocking until "some" input is available, shouldn't that
mean it has to have >= 1 byte available?

> CryptoInputStream#read() may return incorrect result
> ----------------------------------------------------
>
>                 Key: HADOOP-12869
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12869
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.7.2, 3.0.0
>            Reporter: Dapeng Sun
>            Assignee: Dapeng Sun
>            Priority: Critical
>         Attachments: HADOOP-12869.001.patch, HADOOP-12869.002.patch
>
>
> Here is the comment of {{FilterInputStream#read()}}:
> {noformat}
>     /**
>      * Reads the next byte of data from this input stream. The value
>      * byte is returned as an <code>int</code> in the range
>      * <code>0</code> to <code>255</code>. If no byte is available
>      * because the end of the stream has been reached, the value
>      * <code>-1</code> is returned. This method blocks until input data
>      * is available, the end of the stream is detected, or an exception
>      * is thrown.
>      * <p>
>      * This method
>      * simply performs <code>in.read()</code> and returns the result.
>      *
>      * @return     the next byte of data, or <code>-1</code> if the end of
the
>      *             stream is reached.
>      * @exception  IOException  if an I/O error occurs.
>      * @see        java.io.FilterInputStream#in
>      */
>     public int read() throws IOException {
>         return in.read();
>     }
> {noformat}
> Here is the implementation of {{CryptoInputStream#read()}} in Hadoop Common:
> {noformat}
> @Override
> public int read() throws IOException {
>   return (read(oneByteBuf, 0, 1) == -1) ? -1 : (oneByteBuf[0] & 0xff);		
> }
> {noformat}
> The return value of {{read(oneByteBuf, 0, 1)}} maybe 1, -1 and 0:
> For {{1}}: we should return the content of {{oneByteBuf}}
> For {{-1}}: we should return {{-1}} to stand for the end of stream
> For {{0}}: it means we didn't get decryption data back and it is not the end of the stream,
we should continue to decrypt the stream. But it return {{0}} on {{read()}} in current implementation,
it means the decrypted content is {{0}} and it is incorrect.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message