You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2008/10/21 15:27:44 UTC

[jira] Commented: (HADOOP-4475) The (deprecated) method NetUtils.getServerAddress() doesn't validate configuration values enough

    [ https://issues.apache.org/jira/browse/HADOOP-4475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12641376#action_12641376 ] 

Steve Loughran commented on HADOOP-4475:
----------------------------------------

Here's the problem

  public static String getServerAddress(Configuration conf,
                                        String oldBindAddressName,
                                        String oldPortName,
                                        String newBindAddressName) {

//The method reads in the old and new binding values
    String oldAddr = conf.get(oldBindAddressName);
    String oldPort = conf.get(oldPortName);
    String newAddrPort = conf.get(newBindAddressName);

//if the old values are null: the new value is returned without any validation
    if (oldAddr == null && oldPort == null) {
      return newAddrPort;
    }

//only if either of the old binding values are unset, is there any attempt to validate the newAddPort value
    String[] newAddrPortParts = newAddrPort.split(":",2);
    if (newAddrPortParts.length != 2) {
      throw new IllegalArgumentException("Invalid address/port: " + 
                                         newAddrPort);
    }
...

> The (deprecated) method NetUtils.getServerAddress() doesn't validate configuration values enough
> ------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-4475
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4475
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: conf
>    Affects Versions: 0.20.0
>            Reporter: Steve Loughran
>            Priority: Minor
>
> Although HADOPP-2827 wants to kill this method, it is handy, but it doesn't have enough address validation, and can return a null value, which triggers NPEs a bit later on in the code

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.