Commit Graph

10031 Commits

Author SHA1 Message Date
Subba Rao Pasupuleti
0e2e17f9a2
Adding pipeline rename handler tests (#10028)
Motivation:

Current pipeline handler replace tests are replacing handler with same name.
we need test that test handler can renamed, old handlers are removed from pipeline.

Modification:

There is coverage missing related to renaming of handlers

Result:

Adds missing tests

Co-authored-by: phani254 <phani254@yahoo.com>
2020-02-14 16:53:09 +01:00
feijermu
e648aa259d
Add a null check to NetUtil. sysctlGetInt(...) (#10027)
Motivation:

BufferedReader.readLine() may return null and cause a NPE.

Modification:

Simply add a null check.

Result:

If BufferedReader.readLine() returns null, the sysctlGetInt will just return null rather than cause NPE.
2020-02-14 09:08:27 +01:00
Norman Maurer
713e0aa68a
java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/os-release" "read") (#10018)
Motivation:

Modifications:

- Wrap the code and execute with an AccessController
- Ignore SecurityException (by just logging it)
- Add some more debug logging

Result:

Fixes https://github.com/netty/netty/issues/10017
2020-02-13 11:48:40 +01:00
Hyunjin Choi
1859170e69
Change String comparison to equals() from == (#10022)
Motivation:

Even if it was stored in the string constant pool, I thought it was safe to compare it through the Equals() method.

Modification:

So, I changed "==" comparison to equals() comparison

Result:

It has become safer to compare String values with different references and with the same values.
2020-02-13 09:57:14 +01:00
Norman Maurer
f88a343455
Remove System.out.println(...) in test (#10024)
Motivation:

We did had some System.out.println(...) call in a test which seems to be some left-over from debugging.

Modifications:

Remove System.out.println(...)

Result:

Code cleanup
2020-02-13 08:42:49 +01:00
violetagg
fcf55fcf71
When BlockHound is installed, do not report GlobalEventExecutor/SingleThreadEventExecutor#takeTask as blocking call. (#10020)
Motivation:

GlobalEventExecutor/SingleThreadEventExecutor#taskQueue is BlockingQueue.

Modifications:

Add allowBlockingCallsInside configuration for GlobalEventExecutor/SingleThreadEventExecutor#takeTask.

Result:

Fixes #9984
When BlockHound is installed, GlobalEventExecutor/SingleThreadEventExecutor#takeTask is not reported as a blocking call.
2020-02-11 20:24:41 +01:00
Norman Maurer
2d4b5abc99
HTTP/2 child channel may discard flush when done from an arbitrary thread (#10019)
Motivation:

We need to carefully manage flushes to ensure we not discard these by mistake due wrongly implemented consolidation of flushes.

Modifications:

- Ensure we reset flag before we actually call flush0(...)
- Add unit test

Result:

Fixes https://github.com/netty/netty/issues/10015
2020-02-11 14:43:04 +01:00
Subba Rao Pasupuleti
ef50cf5696
remove unused shutdownLock (#10010)
Motivation:

This is unused variable

Modification:

removed variable

Result:

Removes unused lock

Co-authored-by: phani254 <phani254@yahoo.com>
2020-02-11 09:57:52 +01:00
Vitaly Buka
b410ff9c28
Fix of undefined behavior of null referencing (#10016)
Motivation:

Current code depends on some "undefined behaviour".

Modification:

Fix of undefined behavior of null referencing

Result:

Correct c code.
2020-02-11 09:56:51 +01:00
Norman Maurer
a6896eae43
NioEventLoopTest.testChannelsRegistered test failure (#10014)
Motivation:

NioEventLoopTest.testChannelsRegistered sometimes fails due a race which is related to how SelectionKey and Selector is implemented in the JDK. In the current implementation it will "lazy" remove SelectionKeys from the Set which means we may still have these included sometimes when we use size() to get the number of SelectionKeys.

Modifications:

Just retry to read the number of registered Channels if we still see 2

Result:

Fixes https://github.com/netty/netty/issues/9895
2020-02-10 20:28:53 +01:00
Norman Maurer
536b83a1a8
Reduce scope of synchronized block introduced in 5114588cba (#10013)
Motivation:

We should keep the scope of the synchronized block as small as possible.

Modifications:

Reduce scope by copy to an array first before iterate through it

Result:

Smaller scope of synchronized
2020-02-10 19:30:53 +01:00
Bennett Lynch
6290346246 Remove "Content-Length" when decoding HTTP/1.1 message with both "Tra… (#10003)
Motivation

As part of a recent commit for issue
https://github.com/netty/netty/issues/9861 the HttpObjectDecoder was
changed to throw an IllegalArgumentException (and produce a failed
decoder result) when decoding a message with both "Transfer-Encoding:
chunked" and "Content-Length".

While it seems correct for Netty to try to sanitize these types of
messages, the spec explicitly mentions that the Content-Length header
should be *removed* in this scenario.

Both Nginx 1.15.9 and Tomcat 9.0.31 also opt to remove the header:
b693d7c198/java/org/apache/coyote/http11/Http11Processor.java (L747-L755)
0ad4393e30/src/http/ngx_http_request.c (L1946-L1953)

Modifications

* Change the default behavior from throwing an IllegalArgumentException
to removing the "Content-Length" header
* Extract the behavior to a new protected method,
handleChunkedEncodingWithContentLength(), that can be overridden to
change this behavior (or capture metrics)

Result

Messages of this nature will now be successfully decoded and have their
"Content-Length" header removed, rather than creating invalid messages
(decoder result failures). Users will be allowed to override and
configure this behavior.
2020-02-10 10:41:57 +01:00
Bryce Anderson
238aa73e36 DefaultHttp2ConnectionDecoder notifies frame listener before connection of GOAWAYS (#10009)
Motivation:

Users of the DefaultHttp2ConnectionDecodcer are notified of inbound GoAwayFrames
after the connection has already closed any ignored streams, potentially
losing the signal that some streams may have been ignored by the peer and
are thus retryable.

Modifications:

Reorder the notifications of the frame and connection listeners to
propagate the frame first, giving the frame listeners the opportunity to
clean up ignored streams in their own way.

Result:
Fixes #9986
2020-02-10 10:26:54 +01:00
Jon Chambers
5114588cba Clear listeners when AddressResolverGroups close. (#10011) (#10012)
Motivation:

When an `AddressResolverGroup` closes, it can leave unwanted listeners attached to its `EventExecutor`'s termination future.

Modifications:

- Keep track of listeners attached to termination futures
- Clear listeners if the `AddressResolverGroup` closes before its associated executor(s)

Result:

Unwanted listeners no longer remain in memory after an `AddressResolverGroup` closes before its associated executor(s).
2020-02-10 07:40:06 +01:00
Norman Maurer
a3e5e4876c
FixedCompositeByteBuf.isDirect() may return wrong value when constructed with empty array (#10005)
Motivation:

FixedCompositeByteBuf.isDirect() should return the same value as EMPTY_BUFFER.isDirect() when constructed via an empty array

Modifications:

- Return correct value when constructed via empty array.
- Add unit test

Result:

FixedCompositeByteBuf.isDirect() returns correct value
2020-02-08 17:05:26 +01:00
Norman Maurer
a308ac94cd Update to Blockhound 1.0.2 (#10007)
Motivation:

A new version of blockhound was released today

Modifications:

Upgrade to latest blockhound version

Result:

Use latest blockhound release
2020-02-08 17:04:28 +01:00
Norman Maurer
e7f291629b ClearTextHttp2ServerUpgradeHandler can be merged with inner PriorKnowledgeHandler (#10008)
Motivation:

ClearTextHttp2ServerUpgradeHandler is currently more complex then needed. We can simplify it by directly implement the prior-knowledge logic as part of the handler.

Modifications:

Merge inner PriorKnowledgeHandler logic into ClearTextHttp2ServerUpgradeHandler by extending ByteToMessageDecoder directly

Result:

Cleaner code and less pipeline operations
2020-02-08 08:49:55 +01:00
Ruwei
2a5118f824
add AUTH & EMPTY to SmtpCommand (#9999)
Motivation:
AUTH command is used to login to a SMTP server.
EMPTY command is for request with only parameter.

Modifications:
Add AUTH & EMPTY to SmtpCommand & SmtpRequests
Update SmtpRequestEncoder#writeParameters, handle SP according to
command
Add unit test

Result:
fix #9995
2020-02-07 14:29:46 +01:00
Norman Maurer
5bc644ba41
Ensure ChannelOptions are applied in the same order as configured in Http2StreamChannelBootstrap (#9998) (#10001)
Motivation:

https://github.com/netty/netty/pull/9848 changed how we handled ChannelOptions internally to use a ConcurrentHashMap. This unfortunally had the side-effect that the ordering may be affected and not stable anymore. Here the problem is that sometimes we do validation based on two different ChannelOptions (for example we validate high and low watermarks against each other). Thus even if the user specified the options in the same order we may fail to configure them.

Modifications:

- Use again a LinkedHashMap to preserve order

Result:

Apply ChannelOptions in correct and expected order
2020-02-07 09:14:16 +01:00
Norman Maurer
56055f4404
Ensure ChannelOptions are applied in the same order as configured in *Bootstrap (#9998)
Motivation:

https://github.com/netty/netty/pull/9458 changed how we handled ChannelOptions internally to use a ConcurrentHashMap. This unfortunally had the side-effect that the ordering may be affected and not stable anymore. Here the problem is that sometimes we do validation based on two different ChannelOptions (for example we validate high and low watermarks against each other). Thus even if the user specified the options in the same order we may fail to configure them.

Modifications:

- Use again a LinkedHashMap to preserve order
- Add unit test

Result:

Apply ChannelOptions in correct and expected order
2020-02-06 09:02:31 +01:00
Konrad Beckmann
38b5607c6d
Copy IPV6-mapped-IPV4 addresses correctly in native code (#9996)
Motivation:

8dc6ad5 introduced IPV6-mapped-IPV4 address support but
copied the addresses incorrectly. It copied the first
4 bytes of the ipv6 address to the address byte array
at offset 12, instead of the other way around.

7a547aa implemented this correctly in netty_unix_socket.c
but it seems the change should've been applied to
netty_epoll_native.c as well.

The current behaviour will always set the address to
`0.0.0.0`.

Modifications:

Copy the correct bytes from the ipv6 mapped ipv4 address.
I.e. copy 4 bytes at offset 12 from the native address
to the byte array `addr` at offset 0.

Result:

When using recvmmsg with IPV6-mapped-IPV4 addresses,
the address will be correctly copied to the byte array
`addr` in the NativeDatagramPacket instance.
2020-02-05 15:40:51 +01:00
Norman Maurer
77effdc4da
Add SslClientHelloHandler which allows to do something based on the S… (#9827)
Motivation:

Sometimes it is useful to do something depending on the Ssl ClientHello (like for example select a SslContext to use). At the moment we only allow to hook into the SNI extension but this is not enough.

Modifications:

Add SslClientHelloHandler which allows to hook into ClientHello messages. This class is now also the super class of AbstractSniHandler

Result:

More flexible processing of SSL handshakes
2020-02-05 14:41:51 +01:00
Norman Maurer
07149729cc
Use correct system property name in PooledByteBufAllocator (io.netty.allocator.cacheTrimIntervalMillis) (#9994)
Motivation:

We had a typo in the system property name that was used to lookup the cache trime interval. We should ensure we use the correct naming when lookup the property

Modifications:

- Support the old and the new (correct) naming of the property when configure the cache trim interval.
- Log something if someone uses the old (deprecated) name

Result:

Fixes https://github.com/netty/netty/issues/9981
2020-02-05 14:39:23 +01:00
Artem Smotrakov
5f68897880
Added tests for Transfer-Encoding header with whitespace (#9997)
Motivation:

Need tests to ensure that CVE-2020-7238 is fixed.

Modifications:

Added two test cases into HttpRequestDecoderTest which check that
no whitespace is allowed before the Transfer-Encoding header.

Result:

Improved test coverage for #9861
2020-02-05 14:33:28 +01:00
Norman Maurer
9bc20d3f7d
Use latest checkstyle version for all artifact as well. (#9993)
Motivation:

42aa7f0c58 did update the checkstyle version but missed that we declared it explicitly in the all artifact as well.

Modifications:

Remove explicit definition in the all artifact.

Result:

Use latest checkstyle version everywhere.
2020-02-05 10:10:06 +01:00
Norman Maurer
42aa7f0c58
Update checkstyle to 8.29 and netty-build to 26 (#9990)
Motivation:

A new checkstyle version was released which fixes a security vulnerability.

Modifications:

- Update to latest checkstyle version
- Update netty-build to latest version to be compatible with latest checkstyle version

Result:

No more security vulnerability caused by checkstyle during build
2020-02-03 18:24:10 +01:00
Rich DiCroce
1543218d3e
Allow a limit to be set on the decompressed buffer size for ZlibDecoders (#9924)
Motivation:
It is impossible to know in advance how much memory will be needed to
decompress a stream of bytes that was compressed using the DEFLATE
algorithm. In theory, up to 1032 times the compressed size could be
needed. For untrusted input, an attacker could exploit this to exhaust
the memory pool.

Modifications:
ZlibDecoder and its subclasses now support an optional limit on the size
of the decompressed buffer. By default, if the limit is reached,
decompression stops and a DecompressionException is thrown. Behavior
upon reaching the limit is modifiable by subclasses in case they desire
something else.

Result:
The decompressed buffer can now be limited to a configurable size, thus
mitigating the possibility of memory pool exhaustion.
2020-01-31 12:11:06 +01:00
Ruwei
6e5f229589
fix bug: scheduled tasks may not be executed (#9980)
Motivation:

If there was always a task in the taskQueue of GlobalEvenExecutor, scheduled tasks in the
scheduledTaskQueue will never be executed.

Related to  #1614

Modifications:

fix bug in GlobalEventExecutor#takeTask

Result:

fix bug
2020-01-31 10:57:38 +01:00
Johno Crawford
0671b18e24
SSL / BlockHound works out of the box with the default SSL provider (#9969)
Motivation:

JDK is the default SSL provider and internally uses blocking IO operations.

Modifications:

Add allowBlockingCallsInside configuration for SslHandler runAllDelegate function.

Result:

When BlockHound is installed, SSL works out of the box with the default SSL provider.


Co-authored-by: violetagg <milesg78@gmail.com>
2020-01-30 11:35:16 +01:00
Dmitriy Dumanskiy
b49bd5644f
Use compile time constants instead of status field in WebSocketServer/ClientProtocolConfig (#9976)
Motivation:

Avoid allocation of default static `WebSocketServerProtocolConfig` and `WebSocketClientProtocolConfig` configs. Prefer compile time constants instead.

Modification:

Static field with config object replaced with constructor with default fields.

Result:

No more default config allocation and static field for it. Compile time variables used instead.
2020-01-29 15:01:23 +01:00
Norman Maurer
eb50e5148a
Initialize ThreadLocalRandom at runtime to improve GraalVM support (#9977)
Motivation:

We need to initialize ThreadLocalRandom at runtime as it uses System.nanoTime() in a static block to init the seed.

Modifications:

Add io.netty.util.internal.ThreadLocalRandom to properties file

Result:

Better support for GraalVM
2020-01-29 15:00:12 +01:00
Norman Maurer
bbbfd5ca9f
Update to java8-242 (#9978)
Motivation:

A new java 8 version was released, lets use it

Modifications:

Update to java8-242

Result:

Use latest java8 version
2020-01-29 14:56:11 +01:00
Norman Maurer
663fbaa506
SslHandler.wrap(...) must ensure it not loose the original exception when finishWrap(...) fails (#9974)
Motivation:

When SslHandler.finishWrap throws an exception, ensure that the promise and buf is not reused to avoid throwing IllegalArgumentException or IllegalReferenceCountException which causes the original exception to be lost.

Modification:

The change ensures that the values for the promise and bytebuf are nulled before calling finishWrap so that it will not be called again with the same arguments.

Result:

Fixes #9971 .

Co-authored-by: Norman Maurer <norman_maurer@apple.com>

Co-authored-by: Antony T Curtis <atcurtis@gmail.com>
2020-01-29 08:46:38 +01:00
Dmitriy Dumanskiy
fb3ced28cf #9944 Merge WebSocketCloseFrameHandler into WebSocketProtocolHandler … (#9967)
…in order to minimize pipeline

Motivation:

Handling of `WebSocketCloseFrame` is part of websocket protocol, so it's logical to put it within the `WebSocketProtocolHandler`. Also, removal of `WebSocketCloseFrameHandler` will decrease the channel pipeline.

Modification:

- `WebSocketCloseFrameHandler` code merged into `WebSocketProtocolHandler`. `WebSocketCloseFrameHandler` not added to the pipeline anymore
- Added additional constructor to `WebSocketProtocolHandler`
- `WebSocketProtocolHandler` now implements `ChannelOutboundHandler` and implements basic methods from it

Result:

`WebSocketCloseFrameHandler` is no longer used.

Fixes https://github.com/netty/netty/issues/9944
2020-01-28 14:57:32 +01:00
bergerst
384eaf773c Set keystoreType for JdkSslClientContext Keystores (#9965)
Motivation:

In the PR #9003, the issue #8998 was supposedly solved. But actually the fix only made it so the TrustManager can use the specified keystore type instead of also supporting it in the KeyManagerFactory.

In my environment, we are using PKCS#11 Keys which are then rejected by the PKCS#12 keystore. A PKCS#12 keystore is created since the keystoreType was set to null by the code from the mentioned PR.

Modification:

Do not ignore the keystoreType parameter during the creation of the JdkSslClientContext KeyManagerFactory.

Result:

Fixes #8998.
2020-01-28 14:44:13 +01:00
Norman Maurer
2023a4f607
Remove usage of forbiddenHttpRequestResponder (#9941)
Motivation:

At the moment we add a handler which will respond with 403 forbidden if a websocket handshake is in progress (and after). This makes not much sense as it is unexpected to have a remote peer to send another http request when the handshake was started. In this case it is much better to let the websocket decoder bail out.

Modifications:

Remove usage of forbiddenHttpRequestResponder

Result:

Fixes https://github.com/netty/netty/issues/9913
2020-01-28 06:04:20 +01:00
Norman Maurer
a61e844c9a
Use latest java 11 version when building via docker (#9968)
Motivation:

We should update the used java11 version when building via docker to the latest release

Modifications:

Update to 1.11.0-6

Result:

Use latest java11 version
2020-01-28 05:32:31 +01:00
Iván López
066a180a43 Initialize some classes at runtime to improve GraalVM support (#9963)
Motivation:

Deploying a Micronaut application as GraalVM native image to AWS Lambda with custom runtime fails when using Micronaut Http Client.

This PR initializes at runtime some classes needed to fix the issue. There is more information in our original issue in Micronaut https://github.com/micronaut-projects/micronaut-core/issues/2335#issuecomment-570151944

At this moment I've added those classes into Micronaut (b383d3ab14) as a workaround but this should be included in Netty so it's available for everyone.

Modification:

Mark 3 classes to be initialized at runtime for GraalVM.

Result:

Mark 3 classes to be initialized at runtime for GraalVM.
2020-01-24 06:40:39 -08:00
Bennett Lynch
a7de4747d0 Add ByteBufFormat option to LoggingHandler (#9915)
Motivation

LoggingHandler is a very useful tool for debugging and for tracking the
sequence of events in a pipeline. LoggingHandler also includes the
functionality to log a hex dump of all written and received ByteBufs.
This can be useful for small messages, but for large messages, this can
potentially result in extremely large logs. E.g., a 1 MB payload will
result in over a 1 MB log message being recorded. While LoggingHandler
may only be intended for debugging, this can still be too excessive in
some debugging scenarios.

Modifications

* Create a new ByteBufFormat enum that allows users to specify "SIMPLE"
or "HEX_DUMP" logging for ByteBufs.
* For all constructors that currently accept a LogLevel parameter,
create new overloaded constructors that also accept this enum as a
parameter.
* Continue to record hex dumps by default.

Result

Users will be able to opt out of full hex dump recording, if they wish
to.
2020-01-23 16:50:28 -08:00
Norman Maurer
de3b3678d7
Reduce allocations in ChunkedWriteHandler when processing the queued … (#9960)
Motivation:

At the moment we create a new ChannelFutureListener per chunk when trying to write these to the underlying transport. This can be optimized by replacing the seperate write and flush call with writeAndFlush and only allocate the listener if the future is not complete yet.

Modifications:

- Replace seperate write and flush calls with writeAndFlush
- Only create listener if needed, otherwise execute directly

Result:

Less allocations
2020-01-21 15:34:29 -08:00
Norman Maurer
69cd042401
Remove extra field from ChunkedWriteHandler to make it less error-prone (#9958)
Motivation:

At the moment we use an extra field in ChunedWriteHandler to hold the current write. This is not needed and makes sense even more error-prone. We can just peek in the queue.

Modifications:

Use Queue.peek() to keep track of current write

Result:

Less error-prone code
2020-01-21 07:44:04 -08:00
Norman Maurer
34e3ea9ee8
Add ResolveAddressHandler which can be used to resolve addresses on the fly (#9947)
Motivation:

At the moment resolving addresses during connect is done via setting an AddressResolverGroup on the Bootstrap. While this works most of the times as expected sometimes the user want to trigger the connect() from the Channel itself and not via the Bootstrap. For this cases we should provide a ChannelHandler that the user can use that will do the resolution.

Modifications:

Add ResolveAddressHandler and tests

Result:

Be able to resolve addresses without Bootstrap
2020-01-20 19:26:13 +01:00
Jonathan Leitschuh
4c2fb0b55e Enables lgtm.com to process this project and create a CodeQL database
Motivation:

I'm performing some security research against various Java-based projects as a part of the new [GitHub Security Lab](https://securitylab.github.com/) Bug Bounty program.
Currently, LGTM.com can't create a CodeQL database for this project because of missing dependencies. This fixes the build so it works correctly.

The maintainers may also want to consider enabling the free [LGTM Integration](https://github.com/marketplace/lgtm) once this PR is merged.

Modification:

Adds a `.lgtm.yml` with a tested configuration:
A successful build can be found here:
https://lgtm.com/logs/6695df28f6b2b1d3fd4d03e968b600a3e9c9aecf/lang:java

Result:

LGTM.com will be able to process this repository to create a CodeQL database.
2020-01-17 11:05:53 +01:00
Nitsan Wakart
8410b083b5 Use JCTools 3.0 + do not break on shaded jars API changes (should not be used by downstream) (#9920)
Motivation:

Use latest JCTools, bug fixes etc.

Modification:

Change pom to depend on 3.0.0 version, and ignore shaded jar API changes

Result:

Using newer JCTools
2020-01-15 14:26:36 +01:00
Andrey Mizurov
c9d8152e88 Fix remove 'WebSocketServerExtensionHandler' from pipeline after upgrade (#9940)
Motivation:

We should remove WebSocketServerExtensionHandler from pipeline after successful WebSocket upgrade even if the client has not selected any extensions.

Modification:

Remove handler once upgrade is complete and no extensions are used.

Result:

Fixes #9939.
2020-01-15 10:49:51 +01:00
Norman Maurer
0fd0e7acbd
Remove @UnstableApi annotation from resolver-* (#9952)
Motivation:

The resolver API and implementations should be considered stable by now so we should not mark these with @UnstableApi

Modifications:

Remove @UnstableApi annotation from API and implementation of resolver

Result:

Make it explicit that the API is considered stable
2020-01-15 09:10:13 +01:00
时无两丶
b7b6fc13b4 Close encoder when handlerRemoved. (#9950)
Motivation:

We should close encoder when `LzfEncoder` was removed from pipeline.

Modification:

call `encoder.close` when `handlerRemoved` triggered.

Result:

Close encoder to release internal buffer.
2020-01-14 10:51:30 +01:00
root
9b1ea10a12 [maven-release-plugin] prepare for next development iteration 2020-01-13 09:13:53 +00:00
root
136db8680a [maven-release-plugin] prepare release netty-4.1.45.Final 2020-01-13 09:13:30 +00:00
Nick Hill
607bc05a2c Fix BufferOverflowException during non-Unsafe PooledDirectByteBuf resize (#9912)
Motivation

Recent optimization #9765 introduced a bug where the native indices of
the internal reused duplicate nio buffer are not properly reset prior to
using it to copy data during a reallocation operation. This can result
in BufferOverflowExceptions thrown during ByteBuf capacity changes.

The code path in question applies only to pooled direct buffers when
Unsafe is disabled or not available.

Modification

Ensure ByteBuffer#clear() is always called on the reused internal nio
buffer prior to returning it from PooledByteBuf#internalNioBuffer()
(protected method); add unit test that exposes the bug.

Result

Fixes #9911
2020-01-11 06:04:32 +01:00