Posted to commits@impala.apache.org by tm...@apache.org on 2019/08/27 22:26:28 UTC

[impala] 04/04: Fix THttpServer to not call the cookie function with an empty cookie

This is an automated email from the ASF dual-hosted git repository.

tmarshall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit 3209055ba2b5a05bedf7c9ecf0edd0e06c2525c9
Author: Thomas Tauber-Marshall <tm...@cloudera.com>
AuthorDate: Tue Aug 27 09:54:19 2019 -0700

    Fix THttpServer to not call the cookie function with an empty cookie
    
    This patch checks if the value passed in the 'Cookie' header to the
    http hs2 server is blank, and if so it ignores it.
    
    The reason to do this is so that a client sending an empty cookie
    header isn't counted as a failed cookie attempt, which is incorrect.
    
    Change-Id: I04e96fe97baae474a82fd30f2cd55ccce80570b4
    Reviewed-on: http://gerrit.cloudera.org:8080/14149
    Reviewed-by: Tim Armstrong <ta...@cloudera.com>
    Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
 be/src/transport/THttpServer.cpp | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/be/src/transport/THttpServer.cpp b/be/src/transport/THttpServer.cpp
index e1de7bf..120efe2 100644
--- a/be/src/transport/THttpServer.cpp
+++ b/be/src/transport/THttpServer.cpp
@@ -176,11 +176,15 @@ void THttpServer::headersDone() {
   // Try authenticating with cookies first.
   if (use_cookies_ && !cookie_value_.empty()) {
     StripWhiteSpace(&cookie_value_);
-    if (callbacks_.cookie_auth_fn(cookie_value_)) {
-      authorized = true;
-      if (metrics_enabled_) http_metrics_->total_cookie_auth_success_->Increment(1);
-    } else if (metrics_enabled_) {
-      http_metrics_->total_cookie_auth_failure_->Increment(1);
+    // If a 'Cookie' header was provided with an empty value, we ignore it rather than
+    // counting it as a failed cookie attempt.
+    if (!cookie_value_.empty()) {
+      if (callbacks_.cookie_auth_fn(cookie_value_)) {
+        authorized = true;
+        if (metrics_enabled_) http_metrics_->total_cookie_auth_success_->Increment(1);
+      } else if (metrics_enabled_) {
+        http_metrics_->total_cookie_auth_failure_->Increment(1);
+      }
     }
   }
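Review bot: The added inner `if (!cookie_value_.empty())` repeats the outer condition word for word, and only the `StripWhiteSpace(&cookie_value_)` call between them makes it meaningful, so a later cleanup could easily remove it as redundant. The comment should name that dependency, for example `// StripWhiteSpace() may leave cookie_value_ empty (header held only whitespace); skip it rather than counting a failed cookie attempt.` The diffstat shows only THttpServer.cpp changed, so no test pins that a whitespace-only 'Cookie' header leaves `total_cookie_auth_failure_` unchanged and never reaches `cookie_auth_fn`. That counter is presumably what operators watch for rejected cookies, so a regression test for the blank-header case would be worth adding. headersDone() continues outside this hunk, so how the request is authenticated once the cookie is skipped is not visible here.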