andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix buffer leaks during PEM to KeyStore conversion

Browse Source
This commit is contained in:
Trustin Lee 2014-05-18 04:26:16 +09:00
parent 44699afd79
commit 97a4277be1
3 changed files with 30 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
handler/src/main/java/io/netty/handler/ssl/JdkSslClientContext.java
View File

@ -123,10 +123,17 @@ public final class JdkSslClientContext extends JdkSslContext {
ks.load(null, null); ks.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance("X.509"); CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (ByteBuf buf: PemReader.readCertificates(certChainFile)) { ByteBuf[] certs = PemReader.readCertificates(certChainFile);
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteBufInputStream(buf)); try {
X500Principal principal = cert.getSubjectX500Principal(); for (ByteBuf buf: certs) {
ks.setCertificateEntry(principal.getName("RFC2253"), cert); X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteBufInputStream(buf));
X500Principal principal = cert.getSubjectX500Principal();
ks.setCertificateEntry(principal.getName("RFC2253"), cert);
}
} finally {
for (ByteBuf buf: certs) {
buf.release();
}
} }
// Set up trust manager factory to use our key store. // Set up trust manager factory to use our key store.

13
handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java
View File

@ -117,7 +117,7 @@ public final class JdkSslServerContext extends JdkSslContext {
ByteBuf encodedKeyBuf = PemReader.readPrivateKey(keyFile); ByteBuf encodedKeyBuf = PemReader.readPrivateKey(keyFile);
byte[] encodedKey = new byte[encodedKeyBuf.readableBytes()]; byte[] encodedKey = new byte[encodedKeyBuf.readableBytes()];
encodedKeyBuf.readBytes(encodedKey); encodedKeyBuf.readBytes(encodedKey).release();
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodedKey); PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodedKey);
PrivateKey key; PrivateKey key;
@ -128,8 +128,15 @@ public final class JdkSslServerContext extends JdkSslContext {
} }
List<Certificate> certChain = new ArrayList<Certificate>(); List<Certificate> certChain = new ArrayList<Certificate>();
for (ByteBuf buf: PemReader.readCertificates(certChainFile)) { ByteBuf[] certs = PemReader.readCertificates(certChainFile);
certChain.add(cf.generateCertificate(new ByteBufInputStream(buf))); try {
for (ByteBuf buf: certs) {
certChain.add(cf.generateCertificate(new ByteBufInputStream(buf)));
}
} finally {
for (ByteBuf buf: certs) {
buf.release();
}
} }
ks.setKeyEntry("key", key, keyPassword.toCharArray(), certChain.toArray(new Certificate[certChain.size()])); ks.setKeyEntry("key", key, keyPassword.toCharArray(), certChain.toArray(new Certificate[certChain.size()]));

11
handler/src/main/java/io/netty/handler/ssl/PemReader.java
View File

@ -71,7 +71,11 @@ final class PemReader {
break; break;
} }
certs.add(Base64.decode(Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII))); ByteBuf base64 = Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII);
ByteBuf der = Base64.decode(base64);
base64.release();
certs.add(der);
start = m.end(); start = m.end();
} }
@ -95,7 +99,10 @@ final class PemReader {
throw new KeyException("found no private key: " + file); throw new KeyException("found no private key: " + file);
} }
return Base64.decode(Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII)); ByteBuf base64 = Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII);
ByteBuf der = Base64.decode(base64);
base64.release();
return der;
} }
private static String readContent(File file) throws IOException { private static String readContent(File file) throws IOException {