[
https://issues.apache.org/jira/browse/ACCUMULO-1987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Turner updated ACCUMULO-1987:
-----------------------------------
Affects Version/s: (was: 1.6.0)
> Incorrect handling of auth byte sequences in TabletServer
> ---------------------------------------------------------
>
> Key: ACCUMULO-1987
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1987
> Project: Accumulo
> Issue Type: Bug
> Reporter: Michael Allen
> Assignee: Michael Allen
> Fix For: 1.6.0
>
> Attachments: Fixes-byte-buffer-copy-bug.patch
>
>
> In TabletServer.java: 667
> return security.userHasAuthorizations(credentials, Collections.<ByteBuffer>
> singletonList(ByteBuffer.wrap(****auth.getBackingArray()****)));
> (Emphasis mine obviously)
> That getBackingArray() will return the whole array even when the auth object
> has limits set upon it. That has the effect of passing labels to
> userHasAuthorization() that are incorrect. For instance, if your label
> expression has & and | in it, it will pass the entire string as the label
> string, as opposed to just one part of it in certain parts of the parsing.
> The fix is to also use the auth.offset() and auth.length() parameters when
> building the ByteBuffer. Patch coming.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
