Issue with serialization data security - 2.5.0

Pradeep Badiger

Issue with serialization data security - 2.5.0

Hi,

We are running into an issue with serialization security in Ignite 2.5.0 with whitelisting enabled. We start the cache inside an application in embedded mode. The cache is partitioned with read through/write behind enabled. I am getting the below exception while working with the cache. Note that this does not always happen.

2020-08-04 14:05:38.482 [sys-#41] ERROR ignite.internal.processors.continuous.GridContinuousProcessor - Failed to process message (ignoring): GridContinuousMessage [type=MSG_EVT_NOTIFICATION, routineId=e6f15316-b9c4-4316-878f-188401f64acf, data=null, futId=null]
org.apache.ignite.IgniteCheckedException: Deserialization of class org.apache.ignite.util.deque.FastSizeDeque is disallowed.
       at org.apache.ignite.internal.util.IgniteUtils.unmarshal(IgniteUtils.java:9968) [dmipDPC.jar:?]
       at org.apache.ignite.internal.processors.continuous.GridContinuousProcessor$7.onMessage(GridContinuousProcessor.java:266) [dmipDPC.jar:?]
       at org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1556) [dmipDPC.jar:?]
       at org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1184) [dmipDPC.jar:?]
       at org.apache.ignite.internal.managers.communication.GridIoManager.access$4200(GridIoManager.java:125) [dmipDPC.jar:?]
       at org.apache.ignite.internal.managers.communication.GridIoManager$9.run(GridIoManager.java:1091) [dmipDPC.jar:?]
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_231]
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_231]
       at java.lang.Thread.run(Thread.java:748) [?:1.8.0_231]
Caused by: java.lang.RuntimeException: Deserialization of class org.apache.ignite.util.deque.FastSizeDeque is disallowed.
       at org.apache.ignite.internal.util.IgniteUtils.forName(IgniteUtils.java:8606) ~[dmipDPC.jar:?]
       at org.apache.ignite.internal.MarshallerContextImpl.getClass(MarshallerContextImpl.java:349) ~[dmipDPC.jar:?]
       at org.apache.ignite.internal.binary.BinaryContext.descriptorForTypeId(BinaryContext.java:688) ~[dmipDPC.jar:?]
       at org.apache.ignite.internal.binary.BinaryReaderExImpl.deserialize0(BinaryReaderExImpl.java:1755) ~[dmipDPC.jar:?]
       at org.apache.ignite.internal.binary.BinaryReaderExImpl.deserialize(BinaryReaderExImpl.java:1714) ~[dmipDPC.jar:?]
       at org.apache.ignite.internal.binary.GridBinaryMarshaller.deserialize(GridBinaryMarshaller.java:310) ~[dmipDPC.jar:?]
       at org.apache.ignite.internal.binary.BinaryMarshaller.unmarshal0(BinaryMarshaller.java:99) ~[dmipDPC.jar:?]
       at org.apache.ignite.marshaller.AbstractNodeNameAwareMarshaller.unmarshal(AbstractNodeNameAwareMarshaller.java:82) ~[dmipDPC.jar:?]
       at org.apache.ignite.internal.util.IgniteUtils.unmarshal(IgniteUtils.java:9962) [dmipDPC.jar:?]
       ... 8 more

I looked at org.apache.ignite.internal.IgniteKernal#classWhiteList and it loads the META-INF/classnames.txt and META-INF/classnames-jdk.txt files before loading the user-configured whitelist classes file. I don't see any mention of the org.apache.ignite.util.deque.FastSizeDeque class in the META-INF/classnames.txt file. Is this a bug within Ignite?

Thanks,

Pradeep V.B.
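
An added diagnostic, not part of the original post and not Ignite's own code: it gathers the entries of META-INF/classnames.txt and META-INF/classnames-jdk.txt from every jar on the classpath, plus an optional user whitelist file, and reports whether the class named in the exception is listed. The class name WhitelistCheck, the one-name-per-line format with '#' comment lines, and the trailing ".*" package wildcard are assumptions about the file format.

```java
import java.io.*;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;

/** Hypothetical helper: lists which class names the whitelist sources do not cover. */
public class WhitelistCheck {
    /** Reads one class name per line, skipping blanks and '#' comments (assumed format). */
    static Set<String> readNames(BufferedReader r) throws IOException {
        Set<String> names = new TreeSet<>();
        for (String line; (line = r.readLine()) != null; ) {
            line = line.trim();
            if (!line.isEmpty() && !line.startsWith("#"))
                names.add(line);
        }
        return names;
    }

    /** Exact match, or an entry ending in ".*" that covers the package (assumed wildcard syntax). */
    static boolean covered(Set<String> entries, String cls) {
        if (entries.contains(cls))
            return true;
        for (String e : entries)
            if (e.endsWith(".*") && cls.startsWith(e.substring(0, e.length() - 1)))
                return true;
        return false;
    }

    public static void main(String[] args) throws IOException {
        Set<String> entries = new TreeSet<>();
        ClassLoader ldr = WhitelistCheck.class.getClassLoader();
        // Every copy of the two resources named in the post, across all jars on the classpath.
        for (String res : new String[] {"META-INF/classnames.txt", "META-INF/classnames-jdk.txt"})
            for (URL u : Collections.list(ldr.getResources(res)))
                try (BufferedReader r = new BufferedReader(
                        new InputStreamReader(u.openStream(), StandardCharsets.UTF_8))) {
                    entries.addAll(readNames(r));
                }
        // args[0]: optional path to the user-configured whitelist file.
        if (args.length > 0)
            try (BufferedReader r = Files.newBufferedReader(Paths.get(args[0]))) {
                entries.addAll(readNames(r));
            }
        // Constructed sample input: the class from the exception and one JDK class.
        for (String cls : new String[] {"org.apache.ignite.util.deque.FastSizeDeque", "java.util.ArrayList"})
            System.out.println((covered(entries, cls) ? "listed   " : "MISSING  ") + cls);
    }
}
```

Run it with the same classpath as the embedded application so that it reads the same copies of the resource files the node would load.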

akorensh

Re: Issue with serialization data security - 2.5.0

Hi,
  2.5.0 is a bit outdated. I suggest you upgrade to the latest version and
retry.
   If it is still an issue using the latest version, please include a
reproducer and we will take a look.
Thanks, Alex


