[ 
https://issues.apache.org/jira/browse/IMPALA-12341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gergely Farkas updated IMPALA-12341:
------------------------------------
    Description: 
Unfortunately, the THttpServer::parseHeader() function has a header parsing bug 
that could lead to an authentication problem:

The THRIFT_strncasecmp() function used in the implementation returns true even 
if the name of the header being processed is a prefix of the header constant 
that is defined in the condition. For example, when processing the HTTP header 
"auth: anyValue", we run into the code fragment where the Authorization header 
content is processed, because the condition THRIFT_strncasecmp("auth: 
anyValue", "Authorization", 4) == 0 is true, since the first 4 characters of 
the two strings are the same. This may break authentication if the HTTP request 
has a header with a name that is a prefix of the word "Authorization" and that 
header is sent by the client after the "Authorization" header.

The affected code fragment was originally added to the Impala code from the 
Apache Thrift code. A bug ticket was created to fix the issue in Thrift: 
https://issues.apache.org/jira/browse/THRIFT-5730

> hs2 http authentication may fail due to header parsing issues if any prefix 
> of the word "authorization" is present as a header in the http request
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: IMPALA-12341
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12341
>             Project: IMPALA
>          Issue Type: Bug
>            Reporter: Gergely Farkas
>            Assignee: Gergely Farkas
>            Priority: Major
>
> Unfortunately, the THttpServer::parseHeader() function has a header parsing 
> bug that could lead to an authentication problem:
> The THRIFT_strncasecmp() function used in the implementation returns true 
> even if the name of the header being processed is a prefix of the header 
> constant that is defined in the condition. For example, when processing the 
> HTTP header "auth: anyValue", we run into the code fragment where the 
> Authorization header content is processed, because the condition 
> THRIFT_strncasecmp("auth: anyValue", "Authorization", 4) == 0 is true, since 
> the first 4 characters of the two strings are the same. This may break 
> authentication if the HTTP request has a header with a name that is a prefix 
> of the word "Authorization" and that header is sent by the client after the 
> "Authorization" header.
> The affected code fragment was originally added to the Impala code from the 
> Apache Thrift code. A bug ticket was created to fix the issue in Thrift: 
> https://issues.apache.org/jira/browse/THRIFT-5730
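
The prefix match described in the ticket, next to a comparison that also requires equal name lengths, as an added example that is not code from Impala or Thrift. It assumes POSIX strncasecmp() as a stand-in for THRIFT_strncasecmp(); the function names, the last-match-wins parser loop and the sample headers are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h> /* POSIX strncasecmp; assumed stand-in for THRIFT_strncasecmp */

/* Constructed sample request headers (not taken from a real capture). */
static const char *const SAMPLE_REQUEST[] = {
    "Host: impala.example.test",
    "Authorization: Basic dXNlcjpwYXNz",
    "auth: anyValue",
};
#define SAMPLE_COUNT (sizeof SAMPLE_REQUEST / sizeof SAMPLE_REQUEST[0])

/* Bytes before the first ':' (the header name), or 0 if there is no colon. */
static size_t header_name_len(const char *line) {
    const char *colon = strchr(line, ':');
    return colon ? (size_t)(colon - line) : 0;
}

/* Flawed: compares only as many bytes as the received name has,
 * so every prefix of `expected` ("a", "auth", "author", ...) matches. */
int matches_prefix_flawed(const char *line, const char *expected) {
    size_t n = header_name_len(line);
    return n > 0 && strncasecmp(line, expected, n) == 0;
}

/* Hardened: the name must have the same length as `expected` as well. */
int matches_exact(const char *line, const char *expected) {
    size_t n = header_name_len(line);
    return n > 0 && n == strlen(expected) && strncasecmp(line, expected, n) == 0;
}

/* Hypothetical parser loop: the last header accepted as "Authorization"
 * wins, so a later prefix-named header replaces the real credentials. */
const char *last_auth_value(const char *const *lines, size_t count,
                            int (*match)(const char *, const char *)) {
    const char *value = NULL;
    for (size_t i = 0; i < count; i++) {
        if (!match(lines[i], "Authorization")) continue;
        value = strchr(lines[i], ':') + 1;
        while (*value == ' ') value++; /* skip spaces after the colon */
    }
    return value;
}

int main(void) {
    printf("flawed: %s\n", last_auth_value(SAMPLE_REQUEST, SAMPLE_COUNT, matches_prefix_flawed));
    printf("exact:  %s\n", last_auth_value(SAMPLE_REQUEST, SAMPLE_COUNT, matches_exact));
    return 0;
}
```

The same pair of functions works as a regression test for a parser fix: feed each header constant and each of its proper prefixes, and require that only the full name is accepted.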


