junwen yang created HBASE-25856:
-----------------------------------
Summary: Vulnerabilities found when serializing enum value
Key: HBASE-25856
URL: https://issues.apache.org/jira/browse/HBASE-25856
Project: HBase
Issue Type: Improvement
Reporter: junwen yang
In hadoop/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HdfsServerConstants.java, the way to serialize the enum ReplicaState is to write the ordinal to the output stream, which makes the serialization and deserialization vulnerable to the order of the values. If later, in a new version, a value is added to the enum ReplicaState, then the cross-version interaction will cause problems, similar to HDFS-15624. An improvement is to either add comments to inform later developers not to change this enum, or add a check when deserializing the enum to verify that the index is not out of bounds.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
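The cross-version problem described in the issue, shown as an added example rather than HDFS code: an enum whose wire format is its ordinal, a "new version" of the same enum with a value inserted in the middle, and a reader that bounds-checks the ordinal instead of indexing values() blindly. The enum constant names are assumed to mirror ReplicaState in HdfsServerConstants; the PROVIDED value, the V1/V2 naming and the helper methods are hypothetical and exist only to make the mismatch visible. The stable-code variant at the end is the alternative a reviewer would usually ask for: an explicit per-constant wire value that does not move when constants are reordered.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;

// Added example (not HDFS code). Enum names assumed from ReplicaState;
// PROVIDED and the V1/V2 split are hypothetical.
public class EnumOrdinalSerialization {

  /** "Old" version: the ordinal is the wire value, exactly as the issue describes. */
  enum ReplicaStateV1 {
    FINALIZED, RBW, RWR, RUR, TEMPORARY;

    void write(DataOutputStream out) throws IOException {
      out.writeByte(ordinal());
    }

    /** Bounds-checked read: an unknown ordinal is a protocol error, not an
     *  ArrayIndexOutOfBoundsException from values()[ordinal]. */
    static ReplicaStateV1 read(DataInputStream in) throws IOException {
      int ordinal = in.readByte();
      ReplicaStateV1[] values = values();
      if (ordinal < 0 || ordinal >= values.length) {
        throw new IOException("Unknown ReplicaState ordinal " + ordinal);
      }
      return values[ordinal];
    }
  }

  /** "New" version: a hypothetical value inserted in the middle shifts every
   *  later ordinal (RWR 2 -> 3, RUR 3 -> 4, TEMPORARY 4 -> 5). */
  enum ReplicaStateV2 {
    FINALIZED, RBW, PROVIDED, RWR, RUR, TEMPORARY;

    void write(DataOutputStream out) throws IOException {
      out.writeByte(ordinal());
    }

    static ReplicaStateV2 read(DataInputStream in) throws IOException {
      int ordinal = in.readByte();
      ReplicaStateV2[] values = values();
      if (ordinal < 0 || ordinal >= values.length) {
        throw new IOException("Unknown ReplicaState ordinal " + ordinal);
      }
      return values[ordinal];
    }
  }

  /** Robust alternative: an explicit wire code per constant. New constants get
   *  new codes; reordering the declaration does not change the wire format. */
  enum ReplicaStateStable {
    FINALIZED(0), RBW(1), RWR(2), RUR(3), TEMPORARY(4), PROVIDED(5);

    private final int code;
    ReplicaStateStable(int code) { this.code = code; }

    void write(DataOutputStream out) throws IOException {
      out.writeByte(code);
    }

    static ReplicaStateStable read(DataInputStream in) throws IOException {
      int code = in.readByte();
      for (ReplicaStateStable s : values()) {
        if (s.code == code) return s;
      }
      throw new IOException("Unknown ReplicaState code " + code);
    }
  }

  private static DataInputStream bytesOf(ByteArrayOutputStream bos) {
    return new DataInputStream(new ByteArrayInputStream(bos.toByteArray()));
  }

  public static void main(String[] args) throws IOException {
    // Case 1: an old writer sends RWR (ordinal 2); a new reader decodes it
    // silently as PROVIDED. No exception, just a wrong state.
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    ReplicaStateV1.RWR.write(new DataOutputStream(bos));
    System.out.println("V1 wrote RWR, V2 read " + ReplicaStateV2.read(bytesOf(bos)));

    // Case 2: a new writer sends TEMPORARY (ordinal 5); the old reader's bounds
    // check rejects it with a clear IOException instead of an array-index crash.
    bos = new ByteArrayOutputStream();
    ReplicaStateV2.TEMPORARY.write(new DataOutputStream(bos));
    try {
      ReplicaStateV1.read(bytesOf(bos));
    } catch (IOException e) {
      System.out.println("V1 rejected V2 value: " + e.getMessage());
    }

    // Case 3: with explicit codes the round trip is stable regardless of order.
    bos = new ByteArrayOutputStream();
    ReplicaStateStable.RWR.write(new DataOutputStream(bos));
    System.out.println("Stable round trip: " + ReplicaStateStable.read(bytesOf(bos)));
  }
}
```

Case 1 is the dangerous one: the bounds check catches an ordinal past the end of the table, but it cannot catch an ordinal that is in range and simply means something else now, which is why the issue's suggested comment warning developers not to reorder or insert values is needed in addition to the check, and why an explicit wire code is the more durable fix.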