From 7321418eb550ff5737b11acbc2843b29b466e968 Mon Sep 17 00:00:00 2001
From: Norman Maurer
Date: Wed, 1 Nov 2017 08:09:04 +0100
Subject: [PATCH] Fix possible NPE in ReferenceCountedOpenSslEngine.rejectRemoteInitiatedRenegotiation()

Motivation:

ReferenceCountedOpenSslEngine.rejectRemoteInitiatedRenegotiation() is called in a finally block to ensure we always check for renegotiation. The problem here is that sometimes we will already shutdown the engine before we call the method which will lead to an NPE in this case as the ssl pointer was already destroyed.

Modifications:

Check that the engine is not destroyed yet before calling SSL.getHandshakeCount(...)

Result:

Fixes [#7353].
---
 .../io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
index 221900c5e9..709214c151 100644
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
@@ -1115,7 +1115,10 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
 }

 private void rejectRemoteInitiatedRenegotiation() throws SSLHandshakeException {
- if (rejectRemoteInitiatedRenegotiation && SSL.getHandshakeCount(ssl) > 1) {
+ // As rejectRemoteInitiatedRenegotiation() is called in a finally block we also need to check if we shutdown
+ // the engine before as otherwise SSL.getHandshakeCount(ssl) will throw an NPE if the passed in ssl is 0.
+ // See https://github.com/netty/netty/issues/7353
+ if (rejectRemoteInitiatedRenegotiation && !isDestroyed() && SSL.getHandshakeCount(ssl) > 1) {
 // TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
 // that the renegotiation failed.
 shutdown();
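Review bot: The new `!isDestroyed()` guard in rejectRemoteInitiatedRenegotiation() is a check-then-use on the native `ssl` handle, and nothing visible in the hunk shows that the check and `SSL.getHandshakeCount(ssl)` run under the same lock that shutdown() takes. If every caller already holds that lock the guard is sufficient; if not, a concurrent shutdown() could still reset `ssl` between the two calls and the native call would see 0 or a stale handle. I would state the precondition in the added comment, for example `// Caller must hold the engine lock so shutdown() cannot run between isDestroyed() and the native call.`, and confirm it at the call sites, which are outside this hunk. Skipping the check on a destroyed engine leaves the renegotiation policy intact only as long as a destroyed engine processes no further records, which is also worth confirming.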