This is an automated email from the ASF dual-hosted git repository. justinchen pushed a commit to branch to-207-new in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 681b80397d2643fff16093b89b87b634c048a372 Author: Caideyipi <[email protected]> AuthorDate: Thu Oct 16 14:09:51 2025 +0800 Pipe: Added parameter check to handshake of legacy receiver (#16596) --- .../receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java index d0217b6e3f8..5bc4a8ce151 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java @@ -102,6 +102,11 @@ public class IoTDBLegacyPipeReceiverAgent { final String remoteAddress, final IPartitionFetcher partitionFetcher, final ISchemaFetcher schemaFetcher) { + if (!validatePipeName(syncIdentityInfo)) { + return new TSStatus(TSStatusCode.ILLEGAL_PARAMETER.getStatusCode()) + .setMessage("Invalid pipeName"); + } + final SyncIdentityInfo identityInfo = new SyncIdentityInfo(syncIdentityInfo, remoteAddress); LOGGER.info("Invoke handshake method from client ip = {}", identityInfo.getRemoteAddress()); @@ -118,6 +123,10 @@ public class IoTDBLegacyPipeReceiverAgent { return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS, ""); } + private boolean validatePipeName(final TSyncIdentityInfo info) { + return info.isSetPipeName() && !info.getPipeName().contains(File.separator); + } + private void createConnection(final SyncIdentityInfo identityInfo) { final long connectionId = connectionIdGenerator.incrementAndGet(); currentConnectionId.set(connectionId);
