ACCUMULO-2278 Return value from in.read() should be checked

Return value from in.read() should be checked in
NonCachingSecretKeyEn.cryptionStrategy#doKeyEncryptionOperation()

Commits squashed and rebase'd onto 1.7 branch, formatted, and log
message reworded by ctubbsii. This closes #163

Signed-off-by: Christopher Tubbs <ctubb...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/9e236f28
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/9e236f28
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/9e236f28

Branch: refs/heads/1.8
Commit: 9e236f289679e950e181db7c14b7f54042d1bb14
Parents: c58cf64
Author: mm376k <mm3...@mdcdtl02mm376k.itservices.sbc.com>
Authored: Tue Oct 11 19:29:03 2016 -0400
Committer: Christopher Tubbs <ctubb...@apache.org>
Committed: Fri Oct 14 17:43:13 2016 -0400

----------------------------------------------------------------------
 .../NonCachingSecretKeyEncryptionStrategy.java  | 61 +++++++++++---------
 1 file changed, 33 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/9e236f28/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
----------------------------------------------------------------------
diff --git 
a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
 
b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
index 1dd8d60..5c9ca8c 100644
--- 
a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
+++ 
b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
@@ -76,44 +76,49 @@ public class NonCachingSecretKeyEncryptionStrategy 
implements SecretKeyEncryptio
 
       int keyEncryptionKeyLength = in.readInt();
       byte[] keyEncryptionKey = new byte[keyEncryptionKeyLength];
-      in.read(keyEncryptionKey);
+      int bytesRead = in.read(keyEncryptionKey);
 
       Cipher cipher = 
DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()));
 
-      try {
-        cipher.init(encryptionMode, new SecretKeySpec(keyEncryptionKey, 
params.getAlgorithmName()));
-      } catch (InvalidKeyException e) {
-        log.error("{}", e.getMessage(), e);
-        throw new RuntimeException(e);
-      }
-
-      if (Cipher.UNWRAP_MODE == encryptionMode) {
+      // check if the number of bytes read into the array is the same as the 
value of the length field,
+      if (bytesRead == keyEncryptionKeyLength) {
         try {
-          Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), 
params.getAlgorithmName(), Cipher.SECRET_KEY);
-          params.setPlaintextKey(plaintextKey.getEncoded());
+          cipher.init(encryptionMode, new SecretKeySpec(keyEncryptionKey, 
params.getAlgorithmName()));
         } catch (InvalidKeyException e) {
           log.error("{}", e.getMessage(), e);
           throw new RuntimeException(e);
-        } catch (NoSuchAlgorithmException e) {
-          log.error("{}", e.getMessage(), e);
-          throw new RuntimeException(e);
-        }
-      } else {
-        Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), 
params.getAlgorithmName());
-        try {
-          byte[] encryptedSecretKey = cipher.wrap(plaintextKey);
-          params.setEncryptedKey(encryptedSecretKey);
-          params.setOpaqueKeyEncryptionKeyID(pathToKeyName);
-        } catch (InvalidKeyException e) {
-          log.error("{}", e.getMessage(), e);
-          throw new RuntimeException(e);
-        } catch (IllegalBlockSizeException e) {
-          log.error("{}", e.getMessage(), e);
-          throw new RuntimeException(e);
         }
 
-      }
+        if (Cipher.UNWRAP_MODE == encryptionMode) {
+          try {
+            Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), 
params.getAlgorithmName(), Cipher.SECRET_KEY);
+            params.setPlaintextKey(plaintextKey.getEncoded());
+          } catch (InvalidKeyException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          } catch (NoSuchAlgorithmException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          }
+        } else {
+          Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), 
params.getAlgorithmName());
+          try {
+            byte[] encryptedSecretKey = cipher.wrap(plaintextKey);
+            params.setEncryptedKey(encryptedSecretKey);
+            params.setOpaqueKeyEncryptionKeyID(pathToKeyName);
+          } catch (InvalidKeyException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          } catch (IllegalBlockSizeException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          }
 
+        }
+      } else {
+        log.error("{}", "Error:bytesRead does not match EncryptionkeyLength");
+        throw new IllegalArgumentException("Error:bytesRead does not match 
EncryptionkeyLength");
+      }
     } finally {
       if (in != null) {
         in.close();

Reply via email to