ZOOKEEPER-3008: Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate #496
+149
−5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lujiefsi
reviewed
Mar 28, 2018
| @@ -94,7 +94,7 @@ public void authenticate(Socket sock, String hostName) throws IOException { | |||
| principalConfig, | |||
| QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME, | |||
| QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG, "QuorumLearner"); | |||
|
|
|||
| // may happen NPE at here | |||
| if (sc.hasInitialResponse()) { | |||
| responseToken = createSaslToken(new byte[0], sc, learnerLogin); | |||
added 2 commits
March 28, 2018 17:12
anmolnar
requested changes
Mar 28, 2018
| @@ -134,6 +138,8 @@ public void authenticate(Socket sock, String hostName) throws IOException { | |||
|
|
|||
| // Validate status code at the end of authentication exchange. | |||
| checkAuthStatus(sock, qpStatus); | |||
| } catch (RuntimeException e) { | |||
There was a problem hiding this comment.
@brettKK What's the point of swallowing it here?
added 2 commits
March 28, 2018 19:25
|
@brettKK you don't need to close/reopen the pull request to trigger the build. Just amend your latest commit and do a force push. |
|
+1 |
|
@brettKK do you still work on this patch? |
|
Also ping @brettKK |
added 2 commits
April 20, 2018 10:05
anmolnar
requested changes
Apr 20, 2018
phunt
reviewed
Apr 25, 2018
| @@ -94,7 +94,10 @@ public void authenticate(Socket sock, String hostName) throws IOException { | |||
| principalConfig, | |||
| QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME, | |||
| QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG, "QuorumLearner"); | |||
|
|
|||
| if (sc == null) { | |||
There was a problem hiding this comment.
Same feedback as #495
- check the callers and see if it's handled properly. Likely it will be logged there as well. Verify/report.
- No need to say exception in an exception. The text of LOG.error line seems like it would have been a good error string for the exception itself.
- as previously noted, add a test.
There was a problem hiding this comment.
I will try unit test written by @brettKK ~~
del unuse keep up with master add NPE place fix code fix jenkins error del catch fix code delete annotation in code del test file recover code change ZOOK3007 to compare with apache master fix format del logger error and fix error message fix RTE message in ReferenceCountedACLCache class fix test add a test , and need to do del test file apply anmolnar's patch
recover code change ZOOK3007 to compare with apache master
del logger error and fix error message fix test apply anmolnar's patch
…ocSize() In my latest commit regarding TxnLogToolkit there's a refactor to outsource file padding logic from FileTxnLog to a separate class: 126fb0f#diff-89717124564925d61d29dd817bcdd915L147 Unfortunately public static method setPreallocSize(int) has also been moved to the new class, but it's being actively used by hadoop-common project too: https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/ClientBaseWithFixes.java#L384 I'd like to submit a patch to revert the deleted method which is going to call the new one, but will keep backward compatibility with Hadoop. Author: Andor Molnar <[email protected]> Reviewers: [email protected] Closes #509 from anmolnar/ZOOKEEPER-3027 Change-Id: I7333b5e24c2a78d10a5c5a74c181633050bd225d del unuse keep up with master fix jenkins error del catch fix code recover zookeeper master same with apache:master recover code change ZOOK3007 to compare with apache master fix conficit del logger error and fix error message fix test apply anmolnar's patch
…ocSize() In my latest commit regarding TxnLogToolkit there's a refactor to outsource file padding logic from FileTxnLog to a separate class: 126fb0f#diff-89717124564925d61d29dd817bcdd915L147 Unfortunately public static method setPreallocSize(int) has also been moved to the new class, but it's being actively used by hadoop-common project too: https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/ClientBaseWithFixes.java#L384 I'd like to submit a patch to revert the deleted method which is going to call the new one, but will keep backward compatibility with Hadoop. Author: Andor Molnar <[email protected]> Reviewers: [email protected] Closes #509 from anmolnar/ZOOKEEPER-3027 Change-Id: I7333b5e24c2a78d10a5c5a74c181633050bd225d del unuse keep up with master fix jenkins error del catch fix code recover zookeeper master same with apache:master recover code change ZOOK3007 to compare with apache master fix conficit del logger error and fix error message fix test apply anmolnar's patch
del unuse keep up with master add NPE place fix code fix jenkins error del catch fix code delete annotation in code del test file recover code change ZOOK3007 to compare with apache master fix format del logger error and fix error message fix RTE message in ReferenceCountedACLCache class fix test add a test , and need to do del test file apply anmolnar's patch
# This is the 1st commit message: fix NPE bug # This is the commit message #2: NPE inZOOKEEPER-3008 # This is the commit message #3: del unuse # This is the commit message #4: keep up with master # This is the commit message #5: add NPE place # This is the commit message #6: fix code # This is the commit message #7: fix jenkins error # This is the commit message #8: del catch # This is the commit message #9: fix code # This is the commit message #10: delete annotation in code # This is the commit message #11: del test file
recover code change ZOOK3007 to compare with apache master fix format del logger error and fix error message fix RTE message in ReferenceCountedACLCache class
NPE inZOOKEEPER-3008 del unuse keep up with master add NPE place fix code fix jenkins error del catch fix code delete annotation in code del test file merge info recover code change ZOOK3007 to compare with apache master fix format del logger error and fix error message fix RTE message in ReferenceCountedACLCache class NPE inZOOKEEPER-3008 del unuse keep up with master fix jenkins error del catch fix code delete annotation in code del test file
pravsingh
reviewed
Jul 27, 2018
| this.learnerLogin = new Login(loginContext, | ||
| new SaslClientCallbackHandler(null, "QuorumLearner"), new ZKConfig()); | ||
| this.learnerLogin = loginFactory.createLogin(loginContext, | ||
| new SaslClientCallbackHandler(null, "QuorumLearner"), new ZKConfig()); |
There was a problem hiding this comment.
this can be put on above line. makes it more readable.
|
@anmolnar , thanks for your attention, I will work on it this weekend |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@LJ1043041006 found a potential NPE in ZK
callee :SecurityUtils#createSaslClient will return null while encounter exception
but its caller has no null check just like:
and caller SaslQuorumAuthLearner#authenticate call it without null check