master

分支 (20)

标签 (17)

管理

管理

master

openEuler-24.09

openEuler-24.03-LTS

openEuler-24.03-LTS-Next

openEuler-24.03-LTS-SP1

openEuler-23.09

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP4

openEuler-23.03

openEuler-22.03-LTS-SP1

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP4

openEuler-22.03-LTS

openEuler-22.09

openEuler-21.09

openEuler-20.09

openEuler-24.03-LTS-SP1-release

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

hive
/
backport-CVE-2024-23945.patch

From 7638cb1a3b07713cc490aa2909a37037f89e08b4 Mon Sep 17 00:00:00 2001
From: Ayush Saxena <ayushsaxena@apache.org>
Date: Thu, 23 Nov 2023 11:50:50 +0530
Subject: [PATCH] Refactor Some Code. (#4887). (Ayush Saxena, reviewed by
Denys Kuzmenko)
---
 .../org/apache/hive/service/CookieSigner.java |  6 +---
 .../apache/hive/service/TestCookieSigner.java | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/service/src/java/org/apache/hive/service/CookieSigner.java b/service/src/java/org/apache/hive/service/CookieSigner.java
index c4d88de4..62c9acbd 100644
--- a/service/src/java/org/apache/hive/service/CookieSigner.java
+++ b/service/src/java/org/apache/hive/service/CookieSigner.java
@@ -78,12 +78,8 @@ public String verifyAndExtract(String signedStr) {
     String rawValue = signedStr.substring(0, index);
     String currentSignature = getSignature(rawValue);

-    if (LOG.isDebugEnabled()) {
-      LOG.debug("Signature generated for " + rawValue + " inside verify is " + currentSignature);
-    }
     if (!MessageDigest.isEqual(originalSignature.getBytes(), currentSignature.getBytes())) {
-      throw new IllegalArgumentException("Invalid sign, original = " + originalSignature +
-        " current = " + currentSignature);
+      throw new IllegalArgumentException("Invalid sign= " + originalSignature);
     }
     return rawValue;
   }
diff --git a/service/src/test/org/apache/hive/service/TestCookieSigner.java b/service/src/test/org/apache/hive/service/TestCookieSigner.java
index b1aa0d84..544f54cf 100644
--- a/service/src/test/org/apache/hive/service/TestCookieSigner.java
+++ b/service/src/test/org/apache/hive/service/TestCookieSigner.java
@@ -56,4 +56,32 @@ public void testVerifyAndExtract() throws Exception {
     String signedStr = cs.signCookie(originalStr);
     assert(cs.verifyAndExtract(signedStr).equals(originalStr));
   }
+
+  @Test
+  public void testVerifyAndExtractNoSignature() {
+    String originalStr = "cu=scott";
+    String signedStr = cs.signCookie(originalStr);
+    String modifedSignedStr = signedStr.replace("&s=", "");
+    try {
+      cs.verifyAndExtract(modifedSignedStr);
+    } catch (IllegalArgumentException e) {
+      assertEquals("Invalid input sign: " + modifedSignedStr, e.getMessage());
+      return;
+    }
+    fail("Expected IllegalArgumentException due to no signature");
+  }
+
+  @Test
+  public void testVerifyAndExtractInvalidSignature() {
+    String originalStr = "cu=scott";
+    String signedStr = cs.signCookie(originalStr);
+    String modifedSignedStr = signedStr.replace("&s=", "&s=abc");
+    try {
+      cs.verifyAndExtract(modifedSignedStr);
+    } catch (IllegalArgumentException e) {
+      assertTrue(e.getMessage().startsWith("Invalid sign= "));
+      return;
+    }
+    fail("Expected IllegalArgumentException checking signature");
+  }
 }
--
2.41.0