[
https://issues.apache.org/jira/browse/HADOOP-17711?focusedWorklogId=602095&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-602095
]
ASF GitHub Bot logged work on HADOOP-17711:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 26/May/21 04:58
Start Date: 26/May/21 04:58
Worklog Time Spent: 10m
Work Description: yiyuaner commented on a change in pull request #3048:
URL: https://github.com/apache/hadoop/pull/3048#discussion_r639400894
##########
File path:
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider.java
##########
@@ -233,6 +233,10 @@ private LoadBalancingKMSClientProvider(URI uri,
}
private int nextIdx() {
+ if (providers.length == 0) {
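Review bot: the `providers.length == 0` guard added at the top of nextIdx() is re-evaluated on every call, and nextIdx() is declared `private int nextIdx()` with no throws clause, so it cannot raise the IOException that doOp uses for the same condition without a signature change. If providers is assigned only in the constructor named in the hunk header, checking the length once there and failing fast would cover every caller of nextIdx() and keep a single definition of the "no providers" error.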
Review comment:
Ok. I have moved the checks to the constructor.
Issue Time Tracking
-------------------
Worklog Id: (was: 602095)
Remaining Estimate: 10m (was: 20m)
Time Spent: 50m (was: 40m)
> A divide by zero bug in LoadBalancingKMSClientProvider.java
> -----------------------------------------------------------
>
> Key: HADOOP-17711
> URL: https://issues.apache.org/jira/browse/HADOOP-17711
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Yiyuan GUO
> Priority: Major
> Labels: easyfix, pull-request-available, security
> Original Estimate: 1h
> Time Spent: 50m
> Remaining Estimate: 10m
>
> In the file _kms/LoadBalancingKMSClientProvider.java_, the function
> _rollNewVersion_ has the following
> [code|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider.java#L509-#L516]:
>
> {code:java}
> @Override
> public KeyVersion rollNewVersion(final String name, final byte[] material)
>     throws IOException {
>   final KeyVersion newVersion = doOp(new ProviderCallable<KeyVersion>() {
>     @Override
>     public KeyVersion call(KMSClientProvider provider) throws IOException {
>       return provider.rollNewVersion(name, material);
>     }
>   }, nextIdx(), false);
>   ...
> }
> {code}
> The function _nextIdx_ uses _providers.length_ as a divisor:
> {code:java}
> private int nextIdx() {
>   while (true) {
>     int current = currentIdx.get();
>     int next = (current + 1) % providers.length;
>     ......
> }{code}
> However, _providers.length_ may be equal to zero, since the function _doOp_
> explicitly checks that and throws an exception when it happens:
> {code:java}
> private <T> T doOp(ProviderCallable<T> op, int currPos,
>     boolean isIdempotent) throws IOException {
>   if (providers.length == 0) {
>     throw new IOException("No providers configured !");
>   }
>   ...
> }
> {code}
>
> The problem is that when _providers.length_ is 0, a divide by zero problem
> will happen when computing the argument for _doOp_ (inside the function
> _nextIdx_) before reaching the protection check above, causing an
> ArithmeticException.
>
>
>
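The evaluation-order problem described in the report, reduced to a stand-alone program (an added example, not code from the Hadoop repository or the pull request). The class names, the String[] provider list, the compareAndSet loop body and the IllegalArgumentException used for the constructor check are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.concurrent.atomic.AtomicInteger;

// Simplified stand-in for the reported pattern (hypothetical names, not Hadoop code).
public class EmptyProviderDemo {
  // Reported shape: the guard lives in doOp(), the modulo in nextIdx().
  static class Unchecked {
    final String[] providers;
    final AtomicInteger currentIdx = new AtomicInteger();
    Unchecked(String[] providers) { this.providers = providers; }

    int nextIdx() {
      while (true) {
        int current = currentIdx.get();
        int next = (current + 1) % providers.length; // ArithmeticException when empty
        if (currentIdx.compareAndSet(current, next)) return current;
      }
    }

    String doOp(int currPos) throws IOException {
      if (providers.length == 0) throw new IOException("No providers configured !");
      return providers[currPos];
    }

    // The argument nextIdx() is evaluated before doOp's guard can run.
    String roll() throws IOException { return doOp(nextIdx()); }
  }

  // Assumed fix shape: validate once at construction so nextIdx() never sees length 0.
  static class Checked extends Unchecked {
    Checked(String[] providers) {
      super(providers);
      if (providers.length == 0) throw new IllegalArgumentException("No providers configured !");
    }
  }

  public static void main(String[] args) throws IOException {
    try {
      new Unchecked(new String[0]).roll();
    } catch (ArithmeticException e) {
      System.out.println("unchecked: " + e); // doOp's IOException was never reached
    }
    try {
      new Checked(new String[0]);
    } catch (IllegalArgumentException e) {
      System.out.println("checked: " + e.getMessage());
    }
    System.out.println(new Checked(new String[] {"kms-a", "kms-b"}).roll()); // constructed sample names
  }
}
```

A caller that only catches IOException, as the doOp guard implies it should, lets the unchecked ArithmeticException from the first case propagate; the constructor check turns the same misconfiguration into a single failure at start-up.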