[jira] [Commented] (HIVE-22841) ThriftHttpServlet#getClientNameFromCookie should handle CookieSigner IllegalArgumentException on invalid cookie signature

Wed, 12 Feb 2020 15:04:11 -0800 


    [ 
https://issues.apache.org/jira/browse/HIVE-22841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17035771#comment-17035771
 ] 

Hive QA commented on HIVE-22841:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12993155/HIVE-22841.2.patch

{color:green}SUCCESS:{color} +1 due to 2 test(s) being added or modified.

{color:green}SUCCESS:{color} +1 due to 17995 tests passed

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/20582/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/20582/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-20582/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12993155 - PreCommit-HIVE-Build

> ThriftHttpServlet#getClientNameFromCookie should handle CookieSigner 
> IllegalArgumentException on invalid cookie signature
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-22841
>                 URL: https://issues.apache.org/jira/browse/HIVE-22841
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>         Attachments: HIVE-22841.1.patch, HIVE-22841.2.patch
>
>
> Currently CookieSigner throws an IllegalArgumentException if the cookie 
> signature is invalid. 
> {code:java}
> if (!MessageDigest.isEqual(originalSignature.getBytes(), 
> currentSignature.getBytes())) {
>       throw new IllegalArgumentException("Invalid sign, original = " + 
> originalSignature +
>         " current = " + currentSignature);
>     }
> {code}
> CookieSigner is only used in the ThriftHttpServlet#getClientNameFromCookie 
> and doesn't handle the IllegalArgumentException. It is only checking if the 
> value from the cookie is null or not.
> https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java#L295
> {code:java}
>       currValue = signer.verifyAndExtract(currValue);
>       // Retrieve the user name, do the final validation step.
>       if (currValue != null) {
> {code}
> This should be fixed to either:
> a) Have CookieSigner not return an IllegalArgumentException
> b) Improve ThriftHttpServlet to handle CookieSigner throwing an 
> IllegalArgumentException



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to