junwen yang created HBASE-25856:
-----------------------------------
Summary: Vulnerabilities found when serializing enum value
Key: HBASE-25856
URL: https://issues.apache.org/jira/browse/HBASE-25856
Project: HBase
Issue Type: Improvement
Reporter: junwen yang
In
hadoop/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HdfsServerConstants.java,
the enum ReplicaState is serialized by writing its ordinal to the
output stream, which makes serialization and deserialization dependent on
the order of the enum values. If a later version adds a value to the
enum ReplicaState, cross-version interaction will cause problems,
similar to HDFS-15624.
An improvement is to either add comments to inform later developers not to
change this enum, or add a range check when deserializing the enum so that an
ordinal outside the known values is rejected rather than indexing past the array.
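The following is an added illustration, not code from the HDFS or HBase projects: it models ReplicaState as a five-constant enum (an assumption that mirrors, but does not reproduce, the real one) and contrasts an unchecked ordinal read with the range-checked read proposed above, fed a byte that a newer peer with an extra constant might send.

```java
import java.io.*;

public class EnumOrdinalSerialization {
  // Stand-in for the HDFS ReplicaState enum (constructed for this example). Adding
  // a constant at the end keeps ordinals stable; inserting one mid-list shifts them.
  enum ReplicaState {
    FINALIZED, RBW, RWR, RUR, TEMPORARY;

    // Serialization as the issue describes it: the ordinal goes on the wire.
    void write(DataOutput out) throws IOException {
      out.writeByte(ordinal());
    }

    // Unchecked deserialization: an ordinal written by a newer version with more
    // constants indexes past values() and throws ArrayIndexOutOfBoundsException.
    static ReplicaState readUnchecked(DataInput in) throws IOException {
      return values()[in.readByte()];
    }

    // Deserialization with the range check the issue proposes: an out-of-range
    // ordinal becomes a descriptive IOException instead of a runtime exception.
    static ReplicaState readChecked(DataInput in) throws IOException {
      int v = in.readByte();
      ReplicaState[] all = values();
      if (v < 0 || v >= all.length) {
        throw new IOException("Unknown ReplicaState ordinal " + v
            + " (this version knows " + all.length + " states)");
      }
      return all[v];
    }
  }

  public static void main(String[] args) throws IOException {
    // Simulate a newer peer that added a sixth state and sent ordinal 5.
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    new DataOutputStream(buf).writeByte(5);
    byte[] bytes = buf.toByteArray();
    try {
      ReplicaState.readUnchecked(new DataInputStream(new ByteArrayInputStream(bytes)));
    } catch (ArrayIndexOutOfBoundsException e) {
      System.out.println("unchecked read: " + e);
    }
    try {
      ReplicaState.readChecked(new DataInputStream(new ByteArrayInputStream(bytes)));
    } catch (IOException e) {
      System.out.println("checked read: " + e.getMessage());
    }
  }
}
```

The checked variant turns a version-skew failure into an IOException that names the offending ordinal, which is what a caller can log and handle; the comment-only mitigation still leaves the unchecked path in place.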
--
This message was sent by Atlassian Jira
(v8.3.4#803005)