Fix NPE exception when using invalid cipher during building SslContext. (#8171)

Motivation: We missed to do a null check before trying to destroy the OpenSslSessionContext, which could lead to a NPE. Modifications: Add null check and tests. Result: Fix https://github.com/netty/netty/issues/8170.
2018-08-02 21:42:21 +02:00 · 2018-08-02 21:42:21 +02:00 · 44d3753c48
commit 44d3753c48
parent 3ab7cac620
2 changed files with 31 additions and 1 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
@ -486,7 +486,11 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen

                SSLContext.free(ctx);
                ctx = 0;
-                sessionContext().destroy();
+
+                OpenSslSessionContext context = sessionContext();
+                if (context != null) {
+                    context.destroy();
+                }
            }
        } finally {
            writerLock.unlock();
--- a/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
@ -24,6 +24,8 @@ import org.junit.Assume;
 import org.junit.Test;

 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+import java.util.Collections;

 public class SslContextBuilderTest {

@ -71,6 +73,30 @@ public class SslContextBuilderTest {
        testServerContext(SslProvider.OPENSSL);
    }

+    @Test(expected = IllegalArgumentException.class)
+    public void testInvalidCipherJdk() throws Exception {
+        Assume.assumeTrue(OpenSsl.isAvailable());
+        testInvalidCipher(SslProvider.JDK);
+    }
+
+    @Test(expected = SSLException.class)
+    public void testInvalidCipherOpenSSL() throws Exception {
+        Assume.assumeTrue(OpenSsl.isAvailable());
+        testInvalidCipher(SslProvider.OPENSSL);
+    }
+
+    private static void testInvalidCipher(SslProvider provider) throws Exception {
+        SelfSignedCertificate cert = new SelfSignedCertificate();
+        SslContextBuilder builder = SslContextBuilder.forClient()
+                .sslProvider(provider)
+                .ciphers(Collections.singleton("SOME_INVALID_CIPHER"))
+                .keyManager(cert.certificate(),
+                        cert.privateKey())
+                .trustManager(cert.certificate());
+        SslContext context = builder.build();
+        context.newEngine(UnpooledByteBufAllocator.DEFAULT);
+    }
+
    private static void testClientContextFromFile(SslProvider provider) throws Exception {
        SelfSignedCertificate cert = new SelfSignedCertificate();
        SslContextBuilder builder = SslContextBuilder.forClient()