HADOOP-18235. vulnerability: we may leak sensitive information in LocalKeyStoreProvider

Author: cbaenziger

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/LocalKeyStoreProvider.java

@@ -142,21 +142,27 @@ protected void initFileSystem(URI uri)
 
   @Override
   public void flush() throws IOException {
-    super.flush();
-    if (LOG.isDebugEnabled()) {
-      LOG.debug("Resetting permissions to '" + permissions + "'");
-    }
-    if (!Shell.WINDOWS) {
-      Files.setPosixFilePermissions(Paths.get(file.getCanonicalPath()),
-          permissions);
-    } else {
-      // FsPermission expects a 10-character string because of the leading
-      // directory indicator, i.e. "drwx------". The JDK toString method returns
-      // a 9-character string, so prepend a leading character.
-      FsPermission fsPermission = FsPermission.valueOf(
-          "-" + PosixFilePermissions.toString(permissions));
-      FileUtil.setPermission(file, fsPermission);
+    try {
+      super.getWriteLock().lock();
+      file.createNewFile();
+      if (LOG.isDebugEnabled()) {
+        LOG.debug("Resetting permissions to '" + permissions + "'");
+      }
+      if (!Shell.WINDOWS) {
+        Files.setPosixFilePermissions(Paths.get(file.getCanonicalPath()),
+            permissions);
+      } else {
+        // FsPermission expects a 10-character string because of the leading
+        // directory indicator, i.e. "drwx------". The JDK toString method returns
+        // a 9-character string, so prepend a leading character.
+        FsPermission fsPermission = FsPermission.valueOf(
+            "-" + PosixFilePermissions.toString(permissions));
+        FileUtil.setPermission(file, fsPermission);
+      }
+    } finally {
+      super.getWriteLock().unlock();
     }
+    super.flush();
   }
 
   private static Set<PosixFilePermission> modeToPosixFilePermission(