You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Íñigo Goiri (Jira)" <ji...@apache.org> on 2023/09/14 22:54:00 UTC
[jira] [Resolved] (HADOOP-18824) ZKDelegationTokenSecretManager causes ArithmeticException due to improper numRetries value checking
[ https://issues.apache.org/jira/browse/HADOOP-18824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Íñigo Goiri resolved HADOOP-18824.
----------------------------------
Fix Version/s: 3.4.0
Hadoop Flags: Reviewed
Resolution: Fixed
> ZKDelegationTokenSecretManager causes ArithmeticException due to improper numRetries value checking
> ---------------------------------------------------------------------------------------------------
>
> Key: HADOOP-18824
> URL: https://issues.apache.org/jira/browse/HADOOP-18824
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: ConfX
> Priority: Critical
> Labels: pull-request-available
> Fix For: 3.4.0
>
> Attachments: reproduce.sh
>
>
> h2. What happened
> There is no value checking for parameter {{{}zk-dt-secret-manager.zkNumRetries{}}}. This may cause improper calculations and crashes the system like division by 0.
> h2. Buggy code
> In {{{}ZKDelegationTokenSecretManager.java{}}}, there is no value checking for {{numRetries}} which is passed directly in {{RetryNTimes}} constructor. When {{numRetries}} is mistakenly set to 0, the code would cause division by 0 and throw ArithmeticException to crash the system.
> {noformat}
> public ZKDelegationTokenSecretManager(Configuration conf) {
> ...
> int numRetries =
> conf.getInt(ZK_DTSM_ZK_NUM_RETRIES, ZK_DTSM_ZK_NUM_RETRIES_DEFAULT);
> builder =
> ...
> .retryPolicy(
> new RetryNTimes(numRetries, sessionT / numRetries));
> ...{noformat}
> h2. How to reproduce
> # set zk-dt-secret-manager.zkNumRetries=0
> # run org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations
> # You will see the following stack trace.
> {noformat}
> java.lang.RuntimeException: Could not Load ZK acls or auth: java.lang.ArithmeticException: / by zero
> at org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.<init>(ZKDelegationTokenSecretManager.java:227)
> at org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager.<init>(DelegationTokenManager.java:99)
> at org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.<init>(DelegationTokenManager.java:120)
> at org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations(TestZKDelegationTokenSecretManager.java:113)
> ...{noformat}
> For an easy reproduction, run the reproduce.sh in the attachment. We are happy to provide a patch if this issue is confirmed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org