[
https://issues.apache.org/jira/browse/IMPALA-12341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17754955#comment-17754955
]
ASF subversion and git services commented on IMPALA-12341:
----------------------------------------------------------
Commit 9adfe0587cfaf3364c8a3672b1c60b198ef35a89 in impala's branch
refs/heads/master from Gergely Farkas
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=9adfe0587 ]
IMPALA-12341: Fix http header parsing issue in thrift http server
This change fixes the following http header parsing bug in
THttpServer: The THRIFT_strncasecmp() function used in the
THttpServer::parseHeader() function returns true even if the name
of the header being processed is a prefix of the header constant
that is defined in the condition.
For example: In the original implementation when processing the
http header "auth: anyValue", we run into the code fragment where
the Authorization header content is processed, because the condition
THRIFT_strncasecmp("auth: anyValue", "Authorization", 4) == 0)
is true, since the first 4 characters of the two strings are the same.
This can break authentication if the http request has a header
with a name that is a prefix to the word "Authorization".
If the length of the checked header is included in the condition,
this problem is avoided, so this fix refactors the if conditions,
so that this check is present everywhere.
Tested with new custom cluster tests.
Change-Id: I754639cfe3eab0016d09f71ded4821caa357bf87
Reviewed-on: http://gerrit.cloudera.org:8080/20301
Reviewed-by: Csaba Ringhofer <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
> hs2 http authentication may fail due to header parsing issues if any prefix
> of the word "authorization" is present as a header in the http request
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: IMPALA-12341
> URL: https://issues.apache.org/jira/browse/IMPALA-12341
> Project: IMPALA
> Issue Type: Bug
> Reporter: Gergely Farkas
> Assignee: Gergely Farkas
> Priority: Major
>
> Unfortunately, the THttpServer::parseHeader() function has a header parsing
> bug that could lead to an authentication problem:
> The THRIFT_strncasecmp() function used in the implementation returns true
> even if the name of the header being processed is a prefix of the header
> constant that is defined in the condition. For example: When processing the
> http header "auth: anyValue", we run into the code fragment where the
> Authorization header content is processed, because the condition
> THRIFT_strncasecmp("auth: anyValue", "Authorization", 4) == 0) is true, since
> the first 4 characters of the two strings are the same. This may break
> authentication if the http request has a header with a name that is a prefix
> to the word "Authorization" and that header is sent by the client after the
> "Authorization" header.
> The affected code fragment was originally added to the impala code from the
> Apache Thrift code. A bug ticket created to fix the issue in Thrift:
> https://issues.apache.org/jira/browse/THRIFT-5730
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
