[jira] [Created] (HADOOP-18824) ZKDelegationTokenSecretManager causes ArithmeticException due to improper numRetries value checking

Mon, 24 Jul 2023 09:39:10 -0700 

ConfX created HADOOP-18824:
------------------------------

             Summary: ZKDelegationTokenSecretManager causes ArithmeticException 
due to improper numRetries value checking
                 Key: HADOOP-18824
                 URL: https://issues.apache.org/jira/browse/HADOOP-18824
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: ConfX
         Attachments: reproduce.sh

h2. What happened

There is no value checking for parameter 
{{{}zk-dt-secret-manager.zkNumRetries{}}}. This may cause improper calculations 
and crashes the system like division by 0.
h2. Buggy code

In {{{}ZKDelegationTokenSecretManager.java{}}}, there is no value checking for 
{{numRetries}} which is passed directly in {{RetryNTimes}} constructor. When 
{{numRetries}} is mistakenly set to 0, the code would cause division by 0 and 
throw ArithmeticException to crash the system.
{noformat}
public ZKDelegationTokenSecretManager(Configuration conf) {
        ...
        int numRetries =
            conf.getInt(ZK_DTSM_ZK_NUM_RETRIES, ZK_DTSM_ZK_NUM_RETRIES_DEFAULT);
        builder =
            ...
                .retryPolicy(
                    new RetryNTimes(numRetries, sessionT / numRetries));
        ...{noformat}
h2. How to reproduce
 # set zk-dt-secret-manager.zkNumRetries=0
 # run 
org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations
 # You will see the following stack trace.

{noformat}
java.lang.RuntimeException: Could not Load ZK acls or auth: 
java.lang.ArithmeticException: / by zero
    at 
org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.<init>(ZKDelegationTokenSecretManager.java:227)
    at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager.<init>(DelegationTokenManager.java:99)
    at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.<init>(DelegationTokenManager.java:120)
    at 
org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations(TestZKDelegationTokenSecretManager.java:113)
        ...{noformat}
For an easy reproduction, run the reproduce.sh in the attachment. We are happy 
to provide a patch if this issue is confirmed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to