[
https://issues.apache.org/jira/browse/KNOX-2469?focusedWorklogId=512073&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-512073
]
ASF GitHub Bot logged work on KNOX-2469:
----------------------------------------
Author: ASF GitHub Bot
Created on: 15/Nov/20 23:59
Start Date: 15/Nov/20 23:59
Worklog Time Spent: 10m
Work Description: jameschen1519 commented on a change in pull request
#383:
URL: https://github.com/apache/knox/pull/383#discussion_r523834400
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
##########
@@ -513,12 +513,14 @@ private synchronized boolean isKeyStoreAvailable(final
Path keyStoreFilePath, St
// Package private for unit test access
// We need this to be synchronized to prevent multiple threads from using at
once
synchronized KeyStore createKeyStore(Path keystoreFilePath, String
keystoreType, char[] password) throws KeystoreServiceException {
- if (Files.notExists(keystoreFilePath)) {
- // Ensure the parent directory exists...
- try {
+ // Ensure the parent directory exists...
+ // This is symlink safe.
+ Path parentPath = keystoreFilePath.getParent();
Review comment:
Thanks for the catch. I think it would be sufficient to just add a null
check to the if statement, since we want the call to getParent to be successful
when the keystore directory happens to be the root directory.
I'll try adding in a test case to check if this fix works if the last
directory is a symlink.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 512073)
Remaining Estimate: 167h 40m (was: 167h 50m)
Time Spent: 20m (was: 10m)
> Knox keystore directory creation fails when following a symlink
> ---------------------------------------------------------------
>
> Key: KNOX-2469
> URL: https://issues.apache.org/jira/browse/KNOX-2469
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.4.0, 1.5.0
> Reporter: James Chen
> Priority: Minor
> Labels: easy-fix, patch-available
> Fix For: 1.4.0, 1.5.0
>
> Attachments: 0001-Fixing-Knox-symlink.patch
>
> Original Estimate: 168h
> Time Spent: 20m
> Remaining Estimate: 167h 40m
>
> At the moment, if the keystore path does not exist, Knox attempts to create
> the parent directories of the keystore path recursively. However, there is an
> edge case, as described in JDK-8130464, where the directory creation fails if
> the final, parent directory of the keystore path is a symlink. This causes a
> failure during startup.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
