[
https://issues.apache.org/jira/browse/KUDU-3520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Attila Bukor reassigned KUDU-3520:
----------------------------------
Assignee: Attila Bukor
> File descriptor leak in Env::NewRWFile() when ecryption-at-rest is enabled
> --------------------------------------------------------------------------
>
> Key: KUDU-3520
> URL: https://issues.apache.org/jira/browse/KUDU-3520
> Project: Kudu
> Issue Type: Bug
> Components: fs, security, tserver
> Affects Versions: 1.16.0, 1.17.0
> Reporter: Alexey Serbin
> Assignee: Attila Bukor
> Priority: Major
>
> There is a file descriptor leak in {{Env::NewRWFile()}} on an error path when
> encryption-at-rest is enabled.
> In the code below, if {{ReadEncryptionHeader()}} or
> {{WriteEncryptionHeader()}} failed, the descriptor of the file opened by
> {{DoOpen()}} would be leaked.
> {noformat}
> RETURN_NOT_OK(DoOpen(fname, opts.mode, &fd));
> EncryptionHeader eh;
> if (encrypt) {
> DCHECK(encryption_key_);
> if (size >= kEncryptionHeaderSize) {
> RETURN_NOT_OK(ReadEncryptionHeader(fd, fname, *encryption_key_, &eh));
> } else {
> RETURN_NOT_OK(GenerateHeader(&eh));
> RETURN_NOT_OK(WriteEncryptionHeader(fd, fname, *encryption_key_, eh));
> }
> }
> result->reset(new PosixRWFile(fname, fd, opts.sync_on_close, encrypt,
> eh));
> {noformat}
> It's been evidenced in the wild when creating the metadata file for a tablet
> during tablet copying failed with the error like below:
> {noformat}
> Runtime error: Couldn't create tablet metadata: Failed to write tablet
> metadata d199a872b03848d695f067ed5c694835: Failed to initialize encryption:
> error:0607B083:digital envelope routines:EVP_CipherInit_ex:no cipher
> set:crypto/evp/evp_enc.c:170
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
