GH-48858: [C++][Parquet] Avoid re-serializing footer for signature verification #48859
Conversation
github-actions
bot
added
Component: Parquet
Component: C++
awaiting review
| PARQUET_DEPRECATED("Deprecated in 24.0.0. Use the two-argument overload instead.") | ||
| bool VerifySignature(const void* signature); |
There was a problem hiding this comment.
I opted to deprecate this but we might also remove it, as it seems this API is meant for internal use? @adamreeve @EnricoMi
github-actions
bot
added
awaiting committer review
| bool VerifySignature(std::span<const uint8_t> serialized_metadata, | ||
| std::span<const uint8_t> signature) { |
There was a problem hiding this comment.
I implemented this as a method of FileMetaData but the only member it uses is the FileDecryptor, so perhaps this should be moved elsewhere (or made static?).
|
Hmm, it looks like we need to wait for #48819 for the R failures. |
|
If I remember correctly in rust we verify directly on decrypted buffer (skipping reserialization). |
I'm not surprised that Rust is saner than C++ :-) |
pitrou
force-pushed
the
gh48858-plaintext-verify-signature
branch
from
35d6c51 to
e853dee
Compare
|
@github-actions crossbow submit -g cpp |
|
Revision: e853dee Submitted crossbow builds: ursacomputing/crossbow @ actions-f90353001e
|
2 participants
Rationale for this change
When reading an encrypted Parquet file with a plaintext footer, the Parquet reader is able to verify footer integrity by comparing the signature in the file with the one computed by encrypting the footer.
However, the way it does this is to first re-serializes the deserialized footer using Thrift. This has several issues:
Reason 3 is what allowed this to be uncovered by OSS-Fuzz (see https://oss-fuzz.com/testcase-detail/4740205688193024).
This PR switches to reusing the original serialized metadata.
Are these changes tested?
Yes, by existing tests and new fuzz regression file.
Are there any user-facing changes?
No.