xiaoqin.fu created ZOOKEEPER-3488: ------------------------------------- Summary: Possible information leakage to log without LOG configuration control LOG.isInfoEnabled() Key: ZOOKEEPER-3488 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3488 Project: ZooKeeper Issue Type: Bug Components: security, server Affects Versions: 3.4.14, 3.5.5, 3.4.13, 3.4.12, 3.4.11 Environment: Ubuntu 16.04.3 LTS Open JDK version "1.8.0_191" build 25.191-b12 Reporter: xiaoqin.fu
In org.apache.zookeeper.server.ZooKeeperServer, statements LOG.info(....) don't have LOG configuration controls. public ZooKeeperServer(FileTxnSnapLog txnLogFactory, int tickTime, int minSessionTimeout, int maxSessionTimeout, ZKDatabase zkDb) { ...... LOG.info("Created server with tickTime " + tickTime + " minSessionTimeout " + getMinSessionTimeout() + " maxSessionTimeout " + getMaxSessionTimeout() + " datadir " + txnLogFactory.getDataDir() + " snapdir " + txnLogFactory.getSnapDir()); ...... } public void finishSessionInit(ServerCnxn cnxn, boolean valid) ...... if (!valid) { LOG.info("Invalid session 0x" + Long.toHexString(cnxn.getSessionId()) + " for client " + cnxn.getRemoteSocketAddress() + ", probably expired"); cnxn.sendBuffer(ServerCnxnFactory.closeConn); } else { LOG.info("Established session 0x" + Long.toHexString(cnxn.getSessionId()) + " with negotiated timeout " + cnxn.getSessionTimeout() + " for client " + cnxn.getRemoteSocketAddress()); cnxn.enableRecv(); } ...... } Sensitive information about DataDir, SnapDir, SessionId and RemoteSocketAddress may be leaked. It is better to add LOG.isInfoEnabled() conditional statements: public ZooKeeperServer(FileTxnSnapLog txnLogFactory, int tickTime, int minSessionTimeout, int maxSessionTimeout, ZKDatabase zkDb) { ...... if (LOG.isInfoEnabled()) LOG.info("Created server with tickTime " + tickTime + " minSessionTimeout " + getMinSessionTimeout() + " maxSessionTimeout " + getMaxSessionTimeout() + " datadir " + txnLogFactory.getDataDir() + " snapdir " + txnLogFactory.getSnapDir()); ...... } public void finishSessionInit(ServerCnxn cnxn, boolean valid) { ...... if (!valid) { if (LOG.isInfoEnabled()) LOG.info("Invalid session 0x" + Long.toHexString(cnxn.getSessionId()) + " for client " + cnxn.getRemoteSocketAddress() + ", probably expired"); cnxn.sendBuffer(ServerCnxnFactory.closeConn); } else { if (LOG.isInfoEnabled()) LOG.info("Established session 0x" + Long.toHexString(cnxn.getSessionId()) + " with negotiated timeout " + cnxn.getSessionTimeout() + " for client " + cnxn.getRemoteSocketAddress()); cnxn.enableRecv(); } ...... } The LOG.isInfoEnabled() conditional statement already exists in org.apache.zookeeper.server.persistence.FileTxnLog: public synchronized boolean append(TxnHeader hdr, Record txn) throws IOException { { ...... if(LOG.isInfoEnabled()){ LOG.info("Creating new log file: " + Util.makeLogName(hdr.getZxid())); } ...... } -- This message was sent by Atlassian JIRA (v7.6.14#76016)