From fd7554ff2e7562d908300f1565a1ed9e7fdc8936 Mon Sep 17 00:00:00 2001 From: Denodo Research Labs Date: Thu, 30 Jan 2025 10:41:21 +0100 Subject: [PATCH] Upgrade libthrift to 0.14.1 due CVE-2020-13949 --- pom.xml | 6 +++++- presto-accumulo/pom.xml | 11 ++++++++++ .../hive/metastore/thrift/Transport.java | 20 +++++++++++++++++++ .../KerberosHiveMetastoreAuthentication.java | 7 +++++++ 4 files changed, 43 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cf8e996d137f5..9153923902f14 100644 --- a/pom.xml +++ b/pom.xml @@ -1445,7 +1445,7 @@ org.apache.thrift libthrift - 0.9.3 + 0.14.1 org.apache.httpcomponents @@ -1455,6 +1455,10 @@ org.apache.httpcomponents httpclient + + org.apache.tomcat.embed + tomcat-embed-core + diff --git a/presto-accumulo/pom.xml b/presto-accumulo/pom.xml index d84a73f768442..fe553d50d1447 100644 --- a/presto-accumulo/pom.xml +++ b/presto-accumulo/pom.xml @@ -19,6 +19,17 @@ 1.2.18.3 + + + + org.apache.thrift + libthrift + + 0.9.3 + + + + org.apache.accumulo diff --git a/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/thrift/Transport.java b/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/thrift/Transport.java index 3ab0dafd5480e..d7f95f90d49d5 100644 --- a/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/thrift/Transport.java +++ b/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/thrift/Transport.java @@ -15,6 +15,7 @@ import com.facebook.presto.hive.authentication.HiveMetastoreAuthentication; import com.google.common.net.HostAndPort; +import org.apache.thrift.TConfiguration; import org.apache.thrift.transport.TSocket; import org.apache.thrift.transport.TTransport; import org.apache.thrift.transport.TTransportException; 
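Review bot: The block added to presto-accumulo/pom.xml pins `libthrift` to 0.9.3 for that module, which is the version this commit moves away from because of CVE-2020-13949, so presto-accumulo appears to keep resolving the affected library after the upgrade. The XML markup, and what looks like a comment line above the version, did not survive on this page, so the reason for the pin is not visible here. If it is a compatibility constraint of the Accumulo client, state that next to the pin and in the commit description, for example `<!-- pinned for Accumulo client compatibility; still affected by CVE-2020-13949, remove when Accumulo is upgraded -->`. That way a dependency-scanner finding on this module is understood as a known, tracked gap rather than a regression.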
@@ -217,5 +218,24 @@ public void flush() throw rewriteException(e, address); } } + + // Methods added in libthrift 0.14.0 and not present in Hive Metastore <= 3.1.2 + @Override + public TConfiguration getConfiguration() + { + return TConfiguration.DEFAULT; + } + + @Override + public void updateKnownMessageSize(long size) + throws TTransportException + { + } + + @Override + public void checkReadBytesAvailable(long numBytes) + throws TTransportException + { + } } } diff --git a/presto-hive/src/main/java/com/facebook/presto/hive/authentication/KerberosHiveMetastoreAuthentication.java b/presto-hive/src/main/java/com/facebook/presto/hive/authentication/KerberosHiveMetastoreAuthentication.java index 55ecd274da896..772d0ff1cbfa6 100644 --- a/presto-hive/src/main/java/com/facebook/presto/hive/authentication/KerberosHiveMetastoreAuthentication.java +++ b/presto-hive/src/main/java/com/facebook/presto/hive/authentication/KerberosHiveMetastoreAuthentication.java @@ -24,6 +24,7 @@ import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.thrift.transport.TSaslClientTransport; import org.apache.thrift.transport.TTransport; +import org.apache.thrift.transport.TTransportException; import javax.inject.Inject; import javax.security.auth.callback.Callback; @@ -98,6 +99,9 @@ private TTransport authenticateWithToken(TTransport rawTransport, String tokenSt catch (IOException ex) { throw new UncheckedIOException(ex); } + catch (TTransportException e) { + throw new RuntimeException(e); + } } private static class SaslClientCallbackHandler @@ -175,5 +179,8 @@ private TTransport authenticateWithHost(TTransport rawTransport, String hiveMeta catch (IOException e) { throw new UncheckedIOException(e); } + catch (TTransportException e) { + throw new RuntimeException(e); + } } }
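Review bot: `updateKnownMessageSize` and `checkReadBytesAvailable` are overridden with empty bodies and `getConfiguration` returns `TConfiguration.DEFAULT`, so this wrapper never performs the message-size accounting that libthrift introduced in 0.14.0. Those hooks are what the protocol layer calls to reject a declared length larger than the transport can deliver, which appears to be part of the hardening this upgrade is meant to pick up for CVE-2020-13949. With them stubbed, an oversized length field in a metastore response would not be rejected at this layer. If the wrapped transport is a 0.14.x `TSocket`, forwarding keeps the check, e.g. `<wrapped>.checkReadBytesAvailable(numBytes);`, where `<wrapped>` stands for the delegate field declared outside this hunk, with the same `rewriteException(e, address)` handling that `flush()` uses. If forwarding is not possible, extend the comment to say the limits are deliberately not enforced here and why.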
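Review bot: The new `catch (TTransportException e)` in `authenticateWithToken` rethrows a bare `RuntimeException` with no message, and the last hunk does the same in `authenticateWithHost`. A failure while setting up metastore authentication then surfaces without saying which step failed, whereas the neighbouring `IOException` handler uses a specific wrapper type. Add context that names the step but never the token or other credentials, e.g. `throw new RuntimeException("Failed to create SASL transport to Hive metastore", e);`, adjusting the wording to whichever call actually throws. Both method bodies start outside their hunks, so the throwing statement is not visible here.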