From 0c3eae34ec25203e22d3fa6a678a11a936f9c8b4 Mon Sep 17 00:00:00 2001
From: feijermu <seedeed@qq.com>
Date: Tue, 24 Mar 2020 18:17:40 +0800
Subject: [PATCH] fix a potential ByteBuf leak in HttpProxyHandler. (#10130)

Motivation:

An exception may occur between ByteBuf's allocation and release. For example:
```java
java.lang.OutOfMemoryError: Java heap space
	at java.lang.String.<init>(String.java:325)
	at io.netty.buffer.ByteBufUtil.decodeString(ByteBufUtil.java:838)
	at io.netty.buffer.AbstractByteBuf.toString(AbstractByteBuf.java:1247)
	at io.netty.buffer.AbstractByteBuf.toString(AbstractByteBuf.java:1242)
	at io.netty.handler.proxy.HttpProxyHandler.<init>(HttpProxyHandler.java:105)
	at io.netty.handler.proxy.HttpProxyHandler.<init>(HttpProxyHandler.java:90)
	at io.netty.handler.proxy.HttpProxyHandler.<init>(HttpProxyHandler.java:85)
```
It may cause the ByteBuf variable authz and authzBase64's leak.

Modification:

Release the ByteBuf in a finally block as soon as possible.

Result:

Fix a potential ByteBuf leak.
---
 .../netty/handler/proxy/HttpProxyHandler.java   | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/handler-proxy/src/main/java/io/netty/handler/proxy/HttpProxyHandler.java b/handler-proxy/src/main/java/io/netty/handler/proxy/HttpProxyHandler.java
index 9751b059a7..56a1bea6de 100644
--- a/handler-proxy/src/main/java/io/netty/handler/proxy/HttpProxyHandler.java
+++ b/handler-proxy/src/main/java/io/netty/handler/proxy/HttpProxyHandler.java
@@ -100,12 +100,17 @@ public final class HttpProxyHandler extends ProxyHandler {
         this.password = ObjectUtil.checkNotNull(password, "password");
 
         ByteBuf authz = Unpooled.copiedBuffer(username + ':' + password, CharsetUtil.UTF_8);
-        ByteBuf authzBase64 = Base64.encode(authz, false);
-
-        authorization = new AsciiString("Basic " + authzBase64.toString(CharsetUtil.US_ASCII));
-
-        authz.release();
-        authzBase64.release();
+        ByteBuf authzBase64;
+        try {
+            authzBase64 = Base64.encode(authz, false);
+        } finally {
+            authz.release();
+        }
+        try {
+            authorization = new AsciiString("Basic " + authzBase64.toString(CharsetUtil.US_ASCII));
+        } finally {
+            authzBase64.release();
+        }
 
         this.outboundHeaders = headers;
         this.ignoreDefaultPortsInConnectHostHeader = ignoreDefaultPortsInConnectHostHeader;