Hello Jason Fehr, Csaba Ringhofer, Impala Public Jenkins, I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/20301 to look at the new patch set (#11). Change subject: IMPALA-12341: Fix http header parsing issue in thrift http server ...................................................................... IMPALA-12341: Fix http header parsing issue in thrift http server This change fixes the following http header parsing bug in THttpServer: The THRIFT_strncasecmp() function used in the THttpServer::parseHeader() function returns true even if the name of the header being processed is a prefix of the header constant that is defined in the condition. For example: In the original implementation when processing the http header "auth: anyValue", we run into the code fragment where the Authorization header content is processed, because the condition THRIFT_strncasecmp("auth: anyValue", "Authorization", 4) == 0) is true, since the first 4 characters of the two strings are the same. This can break authentication if the http request has a header with a name that is a prefix to the word "Authorization". If the length of the checked header is included in the condition, this problem is avoided, so this fix refactors the if conditions, so that this check is present everywhere. Tested with new custom cluster tests. Change-Id: I754639cfe3eab0016d09f71ded4821caa357bf87 --- M be/src/transport/THttpServer.cpp M fe/src/test/java/org/apache/impala/customcluster/LdapHS2Test.java 2 files changed, 51 insertions(+), 10 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/01/20301/11 -- To view, visit http://gerrit.cloudera.org:8080/20301 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I754639cfe3eab0016d09f71ded4821caa357bf87 Gerrit-Change-Number: 20301 Gerrit-PatchSet: 11 Gerrit-Owner: Gergely Farkas <gfar...@cloudera.com> Gerrit-Reviewer: Csaba Ringhofer <csringho...@cloudera.com> Gerrit-Reviewer: Gergely Farkas <gfar...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Jason Fehr <jf...@cloudera.com>