antogruz opened a new pull request, #131:
URL: https://github.com/apache/solr-sandbox/pull/131
This PR contains two commits, well separated:
### 1. `Show and fix the invisible flaw of DecryptingIndexInput`
A one-line fix in `seek()` plus a regression test.
When `slice()` produces a fresh `DecryptingIndexInput`, the constructor
leaves the AES-CTR encrypter at counter 0 and relies on the immediate `seek(0)`
to call `setPosition()` with the correct counter and padding for the slice's
actual offset. But when the cloned delegate's file pointer already matches the
target position - which happens whenever the slice is created at offset 0 -
`seek()` was taking a buffered-output shortcut and skipping `setPosition()`
entirely. With an empty buffer (`outSize == 0` on a fresh slice), the shortcut
condition `targetPosition >= currentPosition && targetPosition <=
delegatePosition` trivially holds, leaving the encrypter at counter=0 with
padding=0. Any subsequent read returned corrupted plaintext.
The fix is to guard the shortcut with `outSize > 0`, so that a fresh slice
always goes through `setPosition()` on its `seek(0)`.
The bug is exercised by `IndexInput#randomAccessSlice(long, long)`, which
internally calls `slice("randomaccess", 0, length)`. A new test
`testRandomAccessSlice` reproduces it with `prefixSize=17` so both the AES
counter (`17/16=1`) and the padding (`17%16=1`) are non-zero, ensuring both
dimensions of the bug are caught.
### 2. `Extract DecryptionBuffer into private class`
Pure refactoring. Moves all the AES-CTR buffering state (encrypter, in/out
byte buffers, positions, padding) and the methods that operate on it into a new
private static inner class `DecryptionBuffer`. `DecryptingIndexInput` keeps
only the `IndexInput`-level concerns (file pointer, slice bounds, clone/close
lifecycle) and delegates byte-level operations to the buffer.
No behavior change. The seven existing `DecryptingIndexInputTest` tests
still pass, including the guard introduced by commit 1, which is now expressed
as `buffer.hasData()` instead of `outSize > 0`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
