CipherSuiteConverter NPE

Motivation:
CipherSuiteConverter may throw a NPE if a cipher suite from OpenSSL does not match the precomputed regular expression for OpenSSL ciphers. This method shouldn't throw and instead just return null.

Modifications:
- if cacheFromOpenSsl(..) fails the conversion toJava should return null

Result:
Fixes https://github.com/netty/netty/issues/6336.
This commit is contained in:
Scott Mitchell 2017-02-08 19:44:07 -08:00
parent 59aa57cc03
commit f7434c5ddd
2 changed files with 37 additions and 2 deletions

View File

@ -276,6 +276,11 @@ final class CipherSuiteConverter {
Map<String, String> p2j = o2j.get(openSslCipherSuite);
if (p2j == null) {
p2j = cacheFromOpenSsl(openSslCipherSuite);
// This may happen if this method is queried when OpenSSL doesn't yet have a cipher setup. It will return
// "(NONE)" in this case.
if (p2j == null) {
return null;
}
}
String javaCipherSuite = p2j.get(protocol);

View File

@ -20,8 +20,10 @@ import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import org.junit.Test;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.*;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.sameInstance;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
public class CipherSuiteConverterTest {
@ -271,6 +273,34 @@ public class CipherSuiteConverterTest {
testCachedJ2OMapping("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDHE-ECDSA-AES128-SHA256");
}
@Test
public void testUnknownOpenSSLCiphersToJava() {
testUnknownOpenSSLCiphersToJava("(NONE)");
testUnknownOpenSSLCiphersToJava("unknown");
testUnknownOpenSSLCiphersToJava("");
}
@Test
public void testUnknownJavaCiphersToOpenSSL() {
testUnknownJavaCiphersToOpenSSL("(NONE)");
testUnknownJavaCiphersToOpenSSL("unknown");
testUnknownJavaCiphersToOpenSSL("");
}
private void testUnknownOpenSSLCiphersToJava(String openSslCipherSuite) {
CipherSuiteConverter.clearCache();
assertNull(CipherSuiteConverter.toJava(openSslCipherSuite, "TLS"));
assertNull(CipherSuiteConverter.toJava(openSslCipherSuite, "SSL"));
}
private void testUnknownJavaCiphersToOpenSSL(String javaCipherSuite) {
CipherSuiteConverter.clearCache();
assertNull(CipherSuiteConverter.toOpenSsl(javaCipherSuite));
assertNull(CipherSuiteConverter.toOpenSsl(javaCipherSuite));
}
private static void testCachedJ2OMapping(String javaCipherSuite, String openSslCipherSuite) {
CipherSuiteConverter.clearCache();