Skip to content

Commit

Permalink
[misc] ensure not loading static class of wrong socketFactory impleme…
Browse files Browse the repository at this point in the history 
…ntation
  • Loading branch information
@rusher
rusher committed Jan 16, 2024
1 parent 5e825c8 commit 3a4443c
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 3 deletions.
10 changes: 7 additions & 3 deletions src/main/java/org/mariadb/jdbc/client/impl/ConnectionHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,9 +84,13 @@ public static Socket standardSocket(Configuration conf, HostAddress hostAddress)
if (socketFactoryName != null) {
if (hostAddress == null) throw new SQLException("hostname must be set to connect socket");
try {
@SuppressWarnings("unchecked")
Class<? extends SocketFactory> socketFactoryClass =
(Class<? extends SocketFactory>) Class.forName(socketFactoryName);
Class<SocketFactory> socketFactoryClass =
(Class<SocketFactory>)
Class.forName(socketFactoryName, false, ConnectionHelper.class.getClassLoader());
if (!SocketFactory.class.isAssignableFrom(socketFactoryClass)) {
throw new IOException(
"Wrong Socket factory implementation '" + conf.socketFactory() + "'");
}
Constructor<? extends SocketFactory> constructor = socketFactoryClass.getConstructor();
socketFactory = constructor.newInstance();
if (socketFactory instanceof ConfigurableSocketFactory) {
Expand Down
8 changes: 8 additions & 0 deletions src/test/java/org/mariadb/jdbc/integration/ConnectionTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -975,6 +975,8 @@ public void localSocket() throws Exception {
stmt.execute("DROP USER testSocket");
}

static public int staticTestValue = 0;

@Test
public void socketFactoryTest() throws SQLException {
try (Connection conn = createCon("socketFactory=" + SocketFactoryBasicTest.class.getName())) {
Expand All @@ -989,6 +991,12 @@ public void socketFactoryTest() throws SQLException {
SQLNonTransientConnectionException.class,
() -> createCon("socketFactory=wrongClass"),
"Socket factory failed to initialized with option \"socketFactory\" set to \"wrongClass\"");
assertEquals(0, staticTestValue);
Common.assertThrowsContains(
SQLNonTransientConnectionException.class,
() -> createCon("socketFactory=org.mariadb.jdbc.integration.util.WrongSocketFactoryTest"),
"Socket factory failed to initialized with option \"socketFactory\" set to \"org.mariadb.jdbc.integration.util.WrongSocketFactoryTest\"");
assertEquals(0, staticTestValue);
}

@Test
Expand Down
17 changes: 17 additions & 0 deletions src/test/java/org/mariadb/jdbc/integration/util/WrongSocketFactoryTest.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
// SPDX-License-Identifier: LGPL-2.1-or-later
// Copyright (c) 2012-2014 Monty Program Ab
// Copyright (c) 2015-2023 MariaDB Corporation Ab
package org.mariadb.jdbc.integration.util;

import org.mariadb.jdbc.integration.ConnectionTest;

public class WrongSocketFactoryTest {

static {
ConnectionTest.staticTestValue = 50;
}

public WrongSocketFactoryTest() {
ConnectionTest.staticTestValue = 100;
}
}

0 comments on commit 3a4443c

Please sign in to comment.