[
https://issues.apache.org/jira/browse/BOOKKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368655#comment-15368655
]
ASF GitHub Bot commented on BOOKKEEPER-938:
-------------------------------------------
GitHub user dlg99 opened a pull request:
https://github.com/apache/bookkeeper/pull/52
BOOKKEEPER-938 ledger digestType autodetection on open
Currently digestType verification in LedgerOpenOp seems to be treated as
part of security logic.
Since it is checked after password and error explicitly states that
digestType mismatched,
all that evil hacker has to do is to change digest type to another one.
There are only two of them after all.
here is the scenario significantly affected by current behavior:
1. user rolls out clients with digestType set to MAC and creates lots of
ledgers.
2. user notices that MAC is slower than CRC32 and decides to change
digestType.
3. more ledgers created with CRC32.
4. user tries to read old and new ledgers
-> now old ledgers cannot be read because of the digest type mismatch.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/dlg99/bookkeeper
fix/BOOKKEEPER-938-digest-autodetect
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/bookkeeper/pull/52.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #52
----
commit af67370775e688e65919f1294fb96f0c1be108d9
Author: Andrey Yegorov <[email protected]>
Date: 2016-07-08T23:00:18Z
BOOKKEEPER-938 ledger digestType autodetection on open (via configurable
parameter)
commit b6ebba39fd2ec1a5d6cd0ad1184a7d6db62b9c44
Author: Andrey Yegorov <[email protected]>
Date: 2016-07-08T23:07:36Z
BOOKKEEPER-938 autoformat managed to sneak tabs instead of spaces
----
> LedgerOpenOp should use digestType from metadata
> ------------------------------------------------
>
> Key: BOOKKEEPER-938
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-938
> Project: Bookkeeper
> Issue Type: Bug
> Components: bookkeeper-client
> Affects Versions: 4.5.0
> Reporter: Andrey Yegorov
> Priority: Minor
>
> Currently digestType verification in LedgerOpenOp seems to be treated as part
> of security logic. Since it is checked after password and error explicitly
> states that digestType mismatched, all that evil hacker has to do is to
> change digest type to another one. There are only two of them after all.
> here is the scenario significantly affected by current behavior:
> 1. user rolls out clients with digestType set to MAC and creates lots of
> ledgers.
> 2. user notices that MAC is slower than CRC32 and decides to change
> digestType.
> 3. more ledgers created with CRC32.
> 4. user tries to read old and new ledgers
> -> now old ledgers cannot be read because of the digest type mismatch.
> I'll send pull request for review.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
