You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Piotr Findeisen (JIRA)" <ji...@apache.org> on 2019/08/01 20:51:00 UTC
[jira] [Commented] (HIVE-22073) SQL Injection in
TxnHandler#enqueueLockWithRetry
[ https://issues.apache.org/jira/browse/HIVE-22073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898351#comment-16898351 ]
Piotr Findeisen commented on HIVE-22073:
----------------------------------------
In {{master}} this seems fixed already by HIVE-20607.
It might be sufficient to backport that change to 3.1 branch
> SQL Injection in TxnHandler#enqueueLockWithRetry
> ------------------------------------------------
>
> Key: HIVE-22073
> URL: https://issues.apache.org/jira/browse/HIVE-22073
> Project: Hive
> Issue Type: Bug
> Affects Versions: 3.1.1
> Reporter: Piotr Findeisen
> Priority: Critical
>
> The {{org.apache.hadoop.hive.metastore.txn.TxnHandler#enqueueLockWithRetry}} method gets called for Thrift {{lock}} API call with input passed from the user.
> Within that method there is SQL injection possible:
> [https://github.com/apache/hive/blob/774a8ef7a6e92c8a43cad2fa66bd944e666f75f0/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/txn/TxnHandler.java#L1987-L1991]
> for example, when partition name contains an apostrophe.
>
> Impact:
> * vulnerability: privilege escalation possible
> * availability: user cannot query ACID table where string/varchar partition key contains an apostrophe
>
>
>
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)