[ https://issues.apache.org/jira/browse/HADOOP-18824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Íñigo Goiri resolved HADOOP-18824. ---------------------------------- Fix Version/s: 3.4.0 Hadoop Flags: Reviewed Resolution: Fixed > ZKDelegationTokenSecretManager causes ArithmeticException due to improper > numRetries value checking > --------------------------------------------------------------------------------------------------- > > Key: HADOOP-18824 > URL: https://issues.apache.org/jira/browse/HADOOP-18824 > Project: Hadoop Common > Issue Type: Bug > Reporter: ConfX > Priority: Critical > Labels: pull-request-available > Fix For: 3.4.0 > > Attachments: reproduce.sh > > > h2. What happened > There is no value checking for parameter > {{{}zk-dt-secret-manager.zkNumRetries{}}}. This may cause improper > calculations and crashes the system like division by 0. > h2. Buggy code > In {{{}ZKDelegationTokenSecretManager.java{}}}, there is no value checking > for {{numRetries}} which is passed directly in {{RetryNTimes}} constructor. > When {{numRetries}} is mistakenly set to 0, the code would cause division by > 0 and throw ArithmeticException to crash the system. > {noformat} > public ZKDelegationTokenSecretManager(Configuration conf) { > ... > int numRetries = > conf.getInt(ZK_DTSM_ZK_NUM_RETRIES, > ZK_DTSM_ZK_NUM_RETRIES_DEFAULT); > builder = > ... > .retryPolicy( > new RetryNTimes(numRetries, sessionT / numRetries)); > ...{noformat} > h2. How to reproduce > # set zk-dt-secret-manager.zkNumRetries=0 > # run > org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations > # You will see the following stack trace. > {noformat} > java.lang.RuntimeException: Could not Load ZK acls or auth: > java.lang.ArithmeticException: / by zero > at > org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.<init>(ZKDelegationTokenSecretManager.java:227) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager.<init>(DelegationTokenManager.java:99) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.<init>(DelegationTokenManager.java:120) > at > org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations(TestZKDelegationTokenSecretManager.java:113) > ...{noformat} > For an easy reproduction, run the reproduce.sh in the attachment. We are > happy to provide a patch if this issue is confirmed. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org