[ https://issues.apache.org/jira/browse/HDFS-6368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13998331#comment-13998331 ]
Andrew Wang commented on HDFS-6368: ----------------------------------- Ted, note that ImageServlet#validateRequest checks that the upload comes from an authorized user. If an attacker has compromised the NN or superuser account, many other bad things can also happen. I guess we could still validate, but I'm inclined to close as "not a problem". > TransferFsImage#receiveFile() should perform validation on fsImageName > parameter > -------------------------------------------------------------------------------- > > Key: HDFS-6368 > URL: https://issues.apache.org/jira/browse/HDFS-6368 > Project: Hadoop HDFS > Issue Type: Bug > Reporter: Ted Yu > Priority: Minor > > Currently only null check is performed: > {code} > if (fsImageName == null) { > throw new IOException("No filename header provided by server"); > } > newLocalPaths.add(new File(localPath, fsImageName)); > {code} > Value of fsImageName, obtained from HttpURLConnection header, may be tainted. > This may allow an attacker to access, modify, or test the existence of > critical or sensitive files. -- This message was sent by Atlassian JIRA (v6.2#6252)