You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Íñigo Goiri (Jira)" <ji...@apache.org> on 2023/09/14 22:54:00 UTC

[jira] [Resolved] (HADOOP-18824) ZKDelegationTokenSecretManager causes ArithmeticException due to improper numRetries value checking

     [ https://issues.apache.org/jira/browse/HADOOP-18824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Íñigo Goiri resolved HADOOP-18824.
----------------------------------
    Fix Version/s: 3.4.0
     Hadoop Flags: Reviewed
       Resolution: Fixed

> ZKDelegationTokenSecretManager causes ArithmeticException due to improper numRetries value checking
> ---------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-18824
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18824
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: ConfX
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 3.4.0
>
>         Attachments: reproduce.sh
>
>
> h2. What happened
> There is no value checking for parameter {{{}zk-dt-secret-manager.zkNumRetries{}}}. This may cause improper calculations and crashes the system like division by 0.
> h2. Buggy code
> In {{{}ZKDelegationTokenSecretManager.java{}}}, there is no value checking for {{numRetries}} which is passed directly in {{RetryNTimes}} constructor. When {{numRetries}} is mistakenly set to 0, the code would cause division by 0 and throw ArithmeticException to crash the system.
> {noformat}
> public ZKDelegationTokenSecretManager(Configuration conf) {
>         ...
>         int numRetries =
>             conf.getInt(ZK_DTSM_ZK_NUM_RETRIES, ZK_DTSM_ZK_NUM_RETRIES_DEFAULT);
>         builder =
>             ...
>                 .retryPolicy(
>                     new RetryNTimes(numRetries, sessionT / numRetries));
>         ...{noformat}
> h2. How to reproduce
>  # set zk-dt-secret-manager.zkNumRetries=0
>  # run org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations
>  # You will see the following stack trace.
> {noformat}
> java.lang.RuntimeException: Could not Load ZK acls or auth: java.lang.ArithmeticException: / by zero
>     at org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.<init>(ZKDelegationTokenSecretManager.java:227)
>     at org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager.<init>(DelegationTokenManager.java:99)
>     at org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.<init>(DelegationTokenManager.java:120)
>     at org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations(TestZKDelegationTokenSecretManager.java:113)
>         ...{noformat}
> For an easy reproduction, run the reproduce.sh in the attachment. We are happy to provide a patch if this issue is confirmed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org