People occasionally report class loading problems which go away when the Remoting cache is cleared. (Incoherent InvalidClassException; empty ZIP.) Root cause is TBD, but in the meantime FileSystemJarCache.retrieve is not sufficiently robust.

      • After calling JarLoaderImpl.writeJarTo, it does not verify that tmp actually has the expected checksum. What if the other side sent corrupt content, or a zero-length stream?
      • File.renameTo is not guaranteed to be atomic. If on Java 7, should use Files.move(tmp.toPath(), target.toPath(), StandardCopyOption.ATOMIC_MOVE) to be sure there is no race condition.
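The two checks requested above, sketched as an added example that is not part of the issue text or the Remoting code base. `VerifiedJarStore` and `JarSource` are hypothetical names, with `JarSource` standing in for the role of `JarLoaderImpl.writeJarTo`. It assumes the expected checksum is available as a SHA-256 hex string and that the code runs on Java 17 or later (for `HexFormat`).

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public class VerifiedJarStore {
    /** Hypothetical stand-in for the remote side streaming the jar content. */
    interface JarSource { void writeTo(OutputStream out) throws IOException; }

    static Path retrieve(JarSource source, Path target, String expectedSha256)
            throws IOException, NoSuchAlgorithmException {
        Files.createDirectories(target.getParent());
        // Temp file in the same directory so the final move stays on one filesystem.
        Path tmp = Files.createTempFile(target.getParent(), target.getFileName().toString(), ".tmp");
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            // Hash the bytes as they are written, so what is verified is what landed on disk.
            try (OutputStream out = new DigestOutputStream(Files.newOutputStream(tmp), md)) {
                source.writeTo(out);
            }
            String actual = HexFormat.of().formatHex(md.digest());
            if (Files.size(tmp) == 0 || !actual.equals(expectedSha256)) {
                throw new IOException("Rejected " + target.getFileName() + ": expected "
                        + expectedSha256 + ", received " + actual + " (" + Files.size(tmp) + " bytes)");
            }
            // Throws AtomicMoveNotSupportedException instead of falling back to a non-atomic copy.
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
            return target;
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move; cleans up rejected content
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] jar = "constructed sample bytes".getBytes(); // constructed input, not a real jar
        String sum = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(jar));
        Path dir = Files.createTempDirectory("jarcache");
        System.out.println("stored: " + retrieve(out -> out.write(jar), dir.resolve("a.jar"), sum));
        try {
            retrieve(out -> { }, dir.resolve("b.jar"), sum); // zero-length stream from the sender
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A rejected download never reaches the cache path, so a later lookup cannot pick up a truncated or empty file.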

          [JENKINS-26759] FileSystemJarCache not defensive enough

          Jesse Glick created issue -
          akshay_abd made changes -
          Assignee New: akshay_abd [ akshay_abd ]
          akshay_abd made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          akshay_abd made changes -
          Labels Original: robustness New: remoting robustness
          akshay_abd made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 160928 ] New: JNJira + In-Review [ 196586 ]

            akshay_abd akshay_abd
            jglick Jesse Glick