He Xiaoqiao created HDFS-13668:
----------------------------------
Summary: FSPermissionChecker may throws AIOOE when check if inode
has permission
Key: HDFS-13668
URL: https://issues.apache.org/jira/browse/HDFS-13668
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 3.1.0, 2.10.0, 2.7.7
Reporter: He Xiaoqiao
Assignee: He Xiaoqiao
{{FSPermissionChecker}} may throw {{ArrayIndexOutOfBoundsException:0}} when
check if has permission, since it only check inode's {{aclFeature}} if null or
not but not check it's entry size. When it meets {{aclFeature}} not null but
it's entry size equal to 0, it will throw AIOOE.
{code:java}
private boolean hasPermission(INodeAttributes inode, FsAction access) {
......
final AclFeature aclFeature = inode.getAclFeature();
if (aclFeature != null) {
// It's possible that the inode has a default ACL but no access ACL.
int firstEntry = aclFeature.getEntryAt(0);
if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
return hasAclPermission(inode, access, mode, aclFeature);
}
}
......
}
{code}
Actually if use default {{INodeAttributeProvider}}, it can ensure that when
{{inode}}'s aclFeature is not null and it's entry size also will be greater
than 0, but {{INodeAttributeProvider}} is a public interface, we could not
ensure external implement (e.g. Apache Sentry, Apache Ranger) also has the
similar constraint.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
