Posted to issues@hbase.apache.org by "junwen yang (Jira)" <ji...@apache.org> on 2021/05/05 20:52:00 UTC

[jira] [Updated] (HBASE-25856) Vulnerabilities found when serializing enum value

     [ https://issues.apache.org/jira/browse/HBASE-25856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

junwen yang updated HBASE-25856:
--------------------------------
    Description:     (was: In hadoop/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HdfsServerConstants.java, the way to serialize the enum ReplicaState is to write the ordinal to the output stream, which makes the serialization and deserialization vulnerable to the order of the values. If later in the new version, a value is added for the enum ReplicaState, then the cross-version interaction will cause problems, similar to HDFS-15624. 

An improvement is to either add comments to inform later developers not to change this enum, or add a check when deserializing the enum to verify that the index is not out of bounds.

 )

> Vulnerabilities found when serializing enum value
> -------------------------------------------------
>
>                 Key: HBASE-25856
>                 URL: https://issues.apache.org/jira/browse/HBASE-25856
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: junwen yang
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
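
The failure mode described in the removed description, as an added example that is not code from Hadoop or HBase: a reader built against an older enum definition decodes ordinals written by a newer one. `StateV1`, `StateV2` and all method names are constructed for illustration and stand in for two releases of the same enum.

```java
import java.io.*;

public class EnumOrdinalDemo {
    // Constructed enums (hypothetical): the same type in an old and a new release.
    enum StateV1 { FINALIZED, RBW, TEMPORARY }
    enum StateV2 { FINALIZED, RBW, RECOVERING, TEMPORARY } // value inserted mid-list

    // The pattern from the report: the ordinal itself is the wire format.
    static byte[] writeOrdinal(Enum<?> e) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        new DataOutputStream(buf).writeByte(e.ordinal());
        return buf.toByteArray();
    }

    // Old reader without validation: indexes values() with whatever byte arrived.
    static StateV1 readUnchecked(byte[] wire) throws IOException {
        return StateV1.values()[new DataInputStream(new ByteArrayInputStream(wire)).readByte()];
    }

    // Old reader with the bounds check the report proposes.
    static StateV1 readChecked(byte[] wire) throws IOException {
        int idx = new DataInputStream(new ByteArrayInputStream(wire)).readUnsignedByte();
        StateV1[] all = StateV1.values();
        if (idx >= all.length) {
            throw new IOException("unknown state ordinal " + idx + " (peer may run a newer version)");
        }
        return all[idx];
    }

    public static void main(String[] args) throws IOException {
        // In range but shifted: the bounds check passes, and the old reader resolves
        // the ordinal to its own constant at that position, not the state the writer meant.
        System.out.println("V2 RECOVERING read by V1 as "
                + readChecked(writeOrdinal(StateV2.RECOVERING)));

        // Out of range, no validation: the failure surfaces as an unchecked runtime exception.
        try {
            readUnchecked(writeOrdinal(StateV2.TEMPORARY));
        } catch (ArrayIndexOutOfBoundsException ex) {
            System.out.println("unchecked reader: " + ex);
        }

        // Out of range, validated: the caller gets an I/O error it can handle.
        try {
            readChecked(writeOrdinal(StateV2.TEMPORARY));
        } catch (IOException ex) {
            System.out.println("checked reader: " + ex.getMessage());
        }
    }
}
```

The bounds check only covers ordinals the reader has never seen; a value inserted or reordered within the existing range is still misread, which is why the description's other suggestion (a comment telling later developers not to change the enum) is needed alongside it.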