HDFS-4401. Fix bug in DomainSocket path validation. Contributed by Colin Patrick McCabe.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/HDFS-347@1433229 13f79535-47bb-0310-9956-ffa450edef68
Todd Lipcon 2013-01-15 00:12:47 +00:00
parent d08b1af26a
commit 35a145d92f
3 changed files with 20 additions and 12 deletions


@ -232,7 +232,7 @@ Java_org_apache_hadoop_net_unix_DomainSocket_validateSocketPathSecurity0(
JNIEnv *env, jclass clazz, jobject jstr, jint skipComponents)
{
jint utfLength;
char path[PATH_MAX], check[PATH_MAX] = { 0 }, *token, *rest;
char path[PATH_MAX], check[PATH_MAX], *token, *rest;
struct stat st;
int ret, mode, strlenPath;
uid_t uid;
@ -263,21 +263,26 @@ JNIEnv *env, jclass clazz, jobject jstr, jint skipComponents)
"must not end in a slash.", path);
goto done;
}
rest = path;
while ((token = strtok_r(rest, "/", &rest))) {
// This loop iterates through all of the path components except for the very
// last one. We don't validate the last component, since it's not supposed to
// be a directory. (If it is a directory, we will fail to create the socket
// later with EISDIR or similar.)
for (check[0] = '/', check[1] = '\0', rest = path, token = "";
token && rest[0];
token = strtok_r(rest, "/", &rest)) {
if (strcmp(check, "/") != 0) {
// If the previous directory we checked was '/', we skip appending another
// slash to the end because it would be unncessary. Otherwise we do it.
strcat(check, "/");
}
// These strcats are safe because the length of 'check' is the same as the
// length of 'path' and we never add more slashes than were in the original
// path.
strcat(check, token);
if (skipComponents > 0) {
skipComponents--;
continue;
}
if (!index(rest, '/')) {
/* Don't validate the last component, since it's not supposed to be a
* directory. (If it is a directory, we will fail to create the socket
* later with EISDIR or similar.)
*/
break;
}
if (stat(check, &st) < 0) {
ret = errno;
jthr = newIOException(env, "failed to stat a path component: '%s'. "
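Review bot: The rewritten loop's condition `token && rest[0]` reads the strtok_r save pointer after every call, and POSIX leaves that pointer's contents unspecified. Some C libraries set it to NULL once the string is exhausted, and there the test that stops before the last component would dereference NULL inside the socket-path validator instead of ending the loop. A guard such as `token && rest && rest[0];` keeps today's behaviour where the pointer is left on the terminating NUL and exits cleanly where it is cleared. It would also help to note in the loop comment that the first pass (with `token = ""`) checks "/" itself and consumes one `skipComponents` count, since callers now have to account for that. The function body starts before and continues past this hunk.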


@ -698,7 +698,7 @@ public class TestDomainSocket {
"component: ", e);
}
// Root should be secure
DomainSocket.validateSocketPathSecurity0("/foo", 0);
DomainSocket.validateSocketPathSecurity0("/foo", 1);
} finally {
tmp.close();
}
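Review bot: The comment `// Root should be secure` no longer describes the call beneath it, assuming `validateSocketPathSecurity0("/foo", 1)` is the new side (the page prints both versions without +/- markers). With the native loop as rewritten in this commit, a skip count of 1 is used up on the "/" pass and the loop then ends at the last component, so no directory is stat'ed and the call can only fail on path-format errors. The comment should say that, for example `// Skip "/" itself (it may not be secure on every build host); only the path format is checked here`, so a later reader does not take this line as coverage of the root-directory check. The enclosing test method starts and ends outside the hunk.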


@ -19,3 +19,6 @@ HDFS-4390. Bypass UNIX domain socket unit tests when they cannot be run.
HDFS-4400. DFSInputStream#getBlockReader: last retries should ignore the cache
(Colin Patrick McCabe via todd)
HDFS-4401. Fix bug in DomainSocket path validation
(Colin Patrick McCabe via todd)