[jira] [Work logged] (KNOX-2469) Knox keystore directory creation fails when following a symlink

Mon, 16 Nov 2020 05:48:51 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-2469?focusedWorklogId=512372&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-512372
 ]

ASF GitHub Bot logged work on KNOX-2469:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Nov/20 13:47
            Start Date: 16/Nov/20 13:47
    Worklog Time Spent: 10m 
      Work Description: jameschen1519 commented on a change in pull request 
#383:
URL: https://github.com/apache/knox/pull/383#discussion_r524277885



##########
File path: 
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
##########
@@ -513,12 +513,14 @@ private synchronized boolean isKeyStoreAvailable(final 
Path keyStoreFilePath, St
   // Package private for unit test access
   // We need this to be synchronized to prevent multiple threads from using at 
once
   synchronized KeyStore createKeyStore(Path keystoreFilePath, String 
keystoreType, char[] password) throws KeystoreServiceException {
-    if (Files.notExists(keystoreFilePath)) {
-      // Ensure the parent directory exists...
-      try {
+    // Ensure the parent directory exists...
+    // This is symlink safe.
+    Path parentPath = keystoreFilePath.getParent();

Review comment:
       Test has been added; passes when run locally.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 512372)
    Remaining Estimate: 167h 20m  (was: 167.5h)
            Time Spent: 40m  (was: 0.5h)

> Knox keystore directory creation fails when following a symlink
> ---------------------------------------------------------------
>
>                 Key: KNOX-2469
>                 URL: https://issues.apache.org/jira/browse/KNOX-2469
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.4.0, 1.5.0
>            Reporter: James Chen
>            Priority: Minor
>              Labels: easy-fix, patch-available
>             Fix For: 1.4.0, 1.5.0
>
>         Attachments: 0001-Fixing-Knox-symlink.patch
>
>   Original Estimate: 168h
>          Time Spent: 40m
>  Remaining Estimate: 167h 20m
>
> At the moment, if the keystore path does not exist, Knox attempts to create 
> the parent directories of the keystore path recursively. However, there is an 
> edge case, as described in JDK-8130464, where the directory creation fails if 
> the final, parent directory of the keystore path is a symlink. This causes a 
> failure during startup.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to