CASSANDRA-12700: Better handle invalid system roles table Patch by Jeff Jirsa; Reviewed by Sam Tunnicliffe for CASSANDRA-12700
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/ff5c497d Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/ff5c497d Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/ff5c497d Branch: refs/heads/cassandra-3.0 Commit: ff5c497d1fc553f3dcc57a5b0f1329d66082c1d3 Parents: 73b888d Author: Jeff Jirsa <jeff.ji...@crowdstrike.com> Authored: Thu Sep 29 22:29:22 2016 -0700 Committer: Jeff Jirsa <jeff.ji...@crowdstrike.com> Committed: Tue Oct 11 21:23:05 2016 -0700 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../cassandra/auth/CassandraRoleManager.java | 22 +++++++++++++++----- .../serializers/BooleanSerializer.java | 2 +- 3 files changed, 19 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/ff5c497d/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 6ee2ddc..ae9ef7a 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -2,6 +2,7 @@ * Fix leak errors and execution rejected exceptions when draining (CASSANDRA-12457) * Fix merkle tree depth calculation (CASSANDRA-12580) * Make Collections deserialization more robust (CASSANDRA-12618) + * Better handle invalid system roles table (CASSANDRA-12700) 2.2.8 http://git-wip-us.apache.org/repos/asf/cassandra/blob/ff5c497d/src/java/org/apache/cassandra/auth/CassandraRoleManager.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/auth/CassandraRoleManager.java b/src/java/org/apache/cassandra/auth/CassandraRoleManager.java index 3a59581..dbae1ba 100644 --- a/src/java/org/apache/cassandra/auth/CassandraRoleManager.java +++ b/src/java/org/apache/cassandra/auth/CassandraRoleManager.java 
@@ -81,11 +81,23 @@ public class CassandraRoleManager implements IRoleManager { public Role apply(UntypedResultSet.Row row) { - return new Role(row.getString("role"), - row.getBoolean("is_superuser"), - row.getBoolean("can_login"), - row.has("member_of") ? row.getSet("member_of", UTF8Type.instance) - : Collections.<String>emptySet()); + try + { + return new Role(row.getString("role"), + row.getBoolean("is_superuser"), + row.getBoolean("can_login"), + row.has("member_of") ? row.getSet("member_of", UTF8Type.instance) + : Collections.<String>emptySet()); + } + // Failing to deserialize a boolean in is_superuser or can_login will throw an NPE + catch (NullPointerException e) + { + logger.warn("An invalid value has been detected in the {} table for role {}. If you are " + + "unable to login, you may need to disable authentication and confirm " + + "that values in that table are accurate", AuthKeyspace.ROLES, row.getString("role")); + throw new RuntimeException(String.format("Invalid metadata has been detected for role %s", row.getString("role")), e); + } + } }; http://git-wip-us.apache.org/repos/asf/cassandra/blob/ff5c497d/src/java/org/apache/cassandra/serializers/BooleanSerializer.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/serializers/BooleanSerializer.java b/src/java/org/apache/cassandra/serializers/BooleanSerializer.java index dffecd6..0d6580e 100644 --- a/src/java/org/apache/cassandra/serializers/BooleanSerializer.java +++ b/src/java/org/apache/cassandra/serializers/BooleanSerializer.java @@ -30,7 +30,7 @@ public class BooleanSerializer implements TypeSerializer<Boolean> public Boolean deserialize(ByteBuffer bytes) { - if (bytes.remaining() == 0) + if (bytes == null || bytes.remaining() == 0) return null; byte value = bytes.get(bytes.position());
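Review bot: The new try block in `apply` wraps the whole `new Role(...)` expression, so a NullPointerException from `row.getString("role")`, `row.getSet("member_of", ...)` or the `Role` constructor is also logged and rethrown as an invalid `is_superuser`/`can_login` value. That points an operator at the wrong column when logins are failing. Reading the two flags into locals inside the try and building the `Role` after it keeps the diagnosis accurate. The catch block also calls `row.getString("role")` twice, so a failure there would replace the original cause. Rethrowing instead of defaulting either flag keeps the lookup fail-closed, which the comment above the catch could state; the enclosing anonymous function starts outside the hunk.

```java
boolean isSuperuser;
boolean canLogin;
try
{
    isSuperuser = row.getBoolean("is_superuser");
    canLogin = row.getBoolean("can_login");
}
// … unchanged: catch (NullPointerException e) block that logs and rethrows …
return new Role(row.getString("role"),
                isSuperuser,
                canLogin,
                row.has("member_of") ? row.getSet("member_of", UTF8Type.instance)
                                     : Collections.<String>emptySet());
```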
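Review bot: `deserialize` now returns a null `Boolean` for a null buffer as well as an empty one, and nothing on the method documents that. The CassandraRoleManager change in this commit appears to depend on callers hitting a NullPointerException when that null is unboxed. A Javadoc line such as `/** Returns null when bytes is null or empty; callers that unbox the result must handle null. */` would make the contract explicit for code that reads authorization flags like `is_superuser`. The rest of the method body lies outside the hunk.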