qpid-commits mailing list archives

From oru...@apache.org
Subject [qpid-broker-j] branch 7.1.x updated: QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client
Date Wed, 09 Dec 2020 00:01:27 GMT
This is an automated email from the ASF dual-hosted git repository.

orudyy pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git


The following commit(s) were added to refs/heads/7.1.x by this push:
     new 91d0578  QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from
cpp client
91d0578 is described below

commit 91d0578e03580a1cc509b92f3a7a9533e49a59ff
Author: aw924 <daniil.kirilyuk@deutsche-boerse.com>
AuthorDate: Tue Dec 8 16:31:13 2020 +0100

    QPID-8490 - Java broker crashes on sending non-LDH virtual hostname from cpp client
    
    This closes #74
---
 .../NonBlockingConnectionTLSDelegate.java          |  2 +-
 .../transport/network/security/ssl/SSLUtil.java    | 28 +++++++++++++++++++++-
 .../org/apache/qpid/server/transport/SNITest.java  |  9 ++++++-
 3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
index 3e52716..c1eb6de 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnectionTLSDelegate.java
@@ -102,7 +102,7 @@ public class NonBlockingConnectionTLSDelegate implements NonBlockingConnectionDe
                     {
                         _parent.setSelectedHost(hostName);
                         SSLParameters sslParameters = _sslEngine.getSSLParameters();
-                        sslParameters.setServerNames(Collections.singletonList(new SNIHostName(hostName)));
+                        sslParameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(hostName)));
                         _sslEngine.setSSLParameters(sslParameters);
                     }
                     _hostChecked = true;
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 01c11d3..7543083 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -75,6 +75,8 @@ import javax.net.ssl.StandardConstants;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
+
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -880,7 +882,7 @@ public class SSLUtil
 
                                     if (code == StandardConstants.SNI_HOST_NAME)
                                     {
-                                        return new SNIHostName(encoded).getAsciiName();
+                                        return createSNIHostName(encoded).getAsciiName();
                                     }
                                     extensionDataRemaining -= serverNameLength + 3;
                                 }
@@ -1048,6 +1050,30 @@ public class SSLUtil
         return certificates;
     }
 
+    public static SNIHostName createSNIHostName(String hostName)
+    {
+        try
+        {
+            return new SNIHostName(hostName);
+        }
+        catch (IllegalArgumentException e)
+        {
+            throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from
string '" + hostName + "'", e);
+        }
+    }
+
+    public static SNIHostName createSNIHostName(byte[] hostName)
+    {
+        try
+        {
+            return new SNIHostName(hostName);
+        }
+        catch (IllegalArgumentException e)
+        {
+            throw new ConnectionScopedRuntimeException("Failed to create SNIHostName from
byte array '" + new String(hostName) + "'", e);
+        }
+    }
+
     public interface KeyCertPair
     {
         PrivateKey getPrivateKey();
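Review bot: Both `createSNIHostName` overloads copy the rejected name verbatim into the exception message. On the `byte[]` overload, which is called from the ClientHello parser in the hunk at -880, that value is unauthenticated peer input that has just failed host-name validation. If this message reaches the broker log it can carry control characters or a very long name, so I would length-limit and escape the value before concatenating it. Separately, `new String(hostName)` decodes with the platform default charset; `new String(hostName, StandardCharsets.UTF_8)` keeps the diagnostic deterministic (whether `StandardCharsets` is already imported in SSLUtil is not visible here). Both public methods also lack Javadoc; a `@throws ConnectionScopedRuntimeException if the name is not a valid SNI host name` line would document the contract callers now depend on.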
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
index 8039e5a..0be0a48 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/SNITest.java
@@ -44,6 +44,7 @@ import javax.net.ssl.X509TrustManager;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -188,6 +189,12 @@ public class SNITest extends UnitTestBase
         performTest(false, "fooinvalid", "foo", _fooInvalid);
     }
 
+    @Test(expected = ConnectionScopedRuntimeException.class)
+    public void testInvalidHostname() throws Exception
+    {
+        performTest(false, "fooinvalid", "_foo", _fooInvalid);
+    }
+
 
     private void performTest(final boolean useMatching,
                              final String defaultAlias,
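Review bot: `testInvalidHostname` probably never sends the bad name to the broker. With the change in the later hunk at -228, `performTest` builds the client-side parameters via `SSLUtil.createSNIHostName(sniHostName)`, so `"_foo"` (which appears to be the SNI argument) would be rejected in the test's own client code, and that alone satisfies the expected `ConnectionScopedRuntimeException`. The server-side ClientHello parsing, which is the path the commit title describes as crashing, is then left unexercised. Consider a test that feeds ClientHello bytes carrying a non-LDH server name into the parsing path, and keep `new SNIHostName(sniHostName)` in the client helper so the helper cannot mask what is under test. `performTest` continues beyond this hunk, so its full body is not visible here.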
@@ -228,7 +235,7 @@ public class SNITest extends UnitTestBase
                 SSLParameters parameters = socket.getSSLParameters();
                 if (sniHostName != null)
                 {
-                    parameters.setServerNames(Collections.singletonList(new SNIHostName(sniHostName)));
+                    parameters.setServerNames(Collections.singletonList(SSLUtil.createSNIHostName(sniHostName)));
                 }
                 socket.setSSLParameters(parameters);
                 InetSocketAddress address = new InetSocketAddress("localhost", _boundPort);

