[jira] [Commented] (ARROW-16225) [c++][parquet] encryption code bug?

[Antoine Pitrou (Jira)]

    [ 
https://issues.apache.org/jira/browse/ARROW-16225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527598#comment-17527598
 ] 

Antoine Pitrou commented on ARROW-16225:
----------------------------------------

Looking at the fix now, this is a potentially critical security issue (I'm not 
sure what kAadFileUniqueLength is for?)

> [c++][parquet] encryption code bug?
> -----------------------------------
>
>                 Key: ARROW-16225
>                 URL: https://issues.apache.org/jira/browse/ARROW-16225
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: C++, Parquet
>            Reporter: zhengle
>            Assignee: Maya Anderson
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 8.0.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> File:  cpp\src\parquet\encryption\encryption.cc
> Line:  393
> {code:cpp}
> encryption::RandBytes(aad_file_unique, sizeof(kAadFileUniqueLength));
> {code}
> *sizeof* seems unnecessary here?



--
This message was sent by Atlassian Jira
(v8.20.7#820007)