[jira] [Resolved] (HADOOP-18824) ZKDelegationTokenSecretManager causes ArithmeticException due to improper numRetries value checking

Thu, 14 Sep 2023 15:54:40 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-18824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Íñigo Goiri resolved HADOOP-18824.
----------------------------------
    Fix Version/s: 3.4.0
     Hadoop Flags: Reviewed
       Resolution: Fixed

> ZKDelegationTokenSecretManager causes ArithmeticException due to improper 
> numRetries value checking
> ---------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-18824
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18824
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: ConfX
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 3.4.0
>
>         Attachments: reproduce.sh
>
>
> h2. What happened
> There is no value checking for parameter 
> {{{}zk-dt-secret-manager.zkNumRetries{}}}. This may cause improper 
> calculations and crashes the system like division by 0.
> h2. Buggy code
> In {{{}ZKDelegationTokenSecretManager.java{}}}, there is no value checking 
> for {{numRetries}} which is passed directly in {{RetryNTimes}} constructor. 
> When {{numRetries}} is mistakenly set to 0, the code would cause division by 
> 0 and throw ArithmeticException to crash the system.
> {noformat}
> public ZKDelegationTokenSecretManager(Configuration conf) {
>         ...
>         int numRetries =
>             conf.getInt(ZK_DTSM_ZK_NUM_RETRIES, 
> ZK_DTSM_ZK_NUM_RETRIES_DEFAULT);
>         builder =
>             ...
>                 .retryPolicy(
>                     new RetryNTimes(numRetries, sessionT / numRetries));
>         ...{noformat}
> h2. How to reproduce
>  # set zk-dt-secret-manager.zkNumRetries=0
>  # run 
> org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations
>  # You will see the following stack trace.
> {noformat}
> java.lang.RuntimeException: Could not Load ZK acls or auth: 
> java.lang.ArithmeticException: / by zero
>     at 
> org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.<init>(ZKDelegationTokenSecretManager.java:227)
>     at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager.<init>(DelegationTokenManager.java:99)
>     at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.<init>(DelegationTokenManager.java:120)
>     at 
> org.apache.hadoop.security.token.delegation.TestZKDelegationTokenSecretManager.testMultiNodeOperations(TestZKDelegationTokenSecretManager.java:113)
>         ...{noformat}
> For an easy reproduction, run the reproduce.sh in the attachment. We are 
> happy to provide a patch if this issue is confirmed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to