IMPALA-5005: Don't allow server to send SASL COMPLETE msg out of order Change-Id: I0c0d931d5d6ef3cbf50e2c36619cab2e0c72b629 Reviewed-on: http://gerrit.cloudera.org:8080/6190 Reviewed-by: Jim Apple <[email protected]> Tested-by: Impala Public Jenkins
Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/c8480747 Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/c8480747 Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/c8480747 Branch: refs/heads/master Commit: c84807479e129e97c84d60e5028c721bcf52f3d2 Parents: 93eb8cc Author: Henry Robinson <[email protected]> Authored: Mon Feb 27 16:47:48 2017 -0800 Committer: Impala Public Jenkins <[email protected]> Committed: Wed Mar 1 04:01:30 2017 +0000 ---------------------------------------------------------------------- be/src/transport/TSaslTransport.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c8480747/be/src/transport/TSaslTransport.cpp ----------------------------------------------------------------------
diff --git a/be/src/transport/TSaslTransport.cpp b/be/src/transport/TSaslTransport.cpp
index 04f58cd..a64861b 100644
--- a/be/src/transport/TSaslTransport.cpp
+++ b/be/src/transport/TSaslTransport.cpp
@@ -98,7 +98,13 @@ namespace apache { namespace thrift { namespace transport {
 while (!sasl_->isComplete()) {
 uint8_t* message = receiveSaslMessage(&status, &resLength);
 if (status == TSASL_COMPLETE) {
- if (isClient_) break; // handshake complete
+ if (isClient_) {
+ if (!sasl_->isComplete()) {
+ // Server sent COMPLETE out of order.
+ throw TTransportException("Received COMPLETE but no handshake occurred");
+ }
+ break; // handshake complete
+ }
 } else if (status != TSASL_OK) {
 stringstream ss;
 ss << "Expected COMPLETE or OK, got " << status;
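Review bot: The new `if (!sasl_->isComplete())` test sits directly under `while (!sasl_->isComplete())`, with only `receiveSaslMessage()` in between. Unless that call advances the SASL state, the test is always true here and the `break; // handshake complete` after it cannot be reached on the client path. If rejecting every in-loop COMPLETE on the client is the intent, the code should say so, for example with `// Client is never complete inside this loop, so any COMPLETE from the server here is premature; the final COMPLETE is read after the loop.` The message "Received COMPLETE but no handshake occurred" is also inaccurate when some rounds have already been exchanged; `"Received COMPLETE before client-side negotiation finished"` would be easier to triage from logs. It is worth confirming that no supported mechanism delivers final server data together with COMPLETE, since the client would now throw before evaluating it. The loop body and the code after it lie outside the hunk.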
