Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NPE in CipherSuiteConverter.toJava(CipherSuiteConverter.java:281) #6336

Closed
rkapsi opened this issue Feb 8, 2017 · 3 comments
Closed

NPE in CipherSuiteConverter.toJava(CipherSuiteConverter.java:281) #6336

rkapsi opened this issue Feb 8, 2017 · 3 comments
Assignees
@Scottmitch
Labels
defect
Milestone
4.0.45.Final

Comments

@rkapsi
Copy link
Member

rkapsi commented Feb 8, 2017

Providing repro shortly but it's triggered by an Unit Test for the OCSP Stapling PR.

Basically... OpenSSL (native) is calling my OCSP callback (java) which throws for the sake of the test an Exception. Instead of bubbling up the Exceptions it's running into an unhandled (?) NPE and my purposely thrown Exception gets swallowed somewhere.

Netty 4.1.9.Final-SNAPSHOT

The NPE's stack looks like this:

io.netty.handler.codec.DecoderException: java.lang.NullPointerException
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
	at io.netty.channel.local.LocalChannel.finishPeerRead0(LocalChannel.java:443)
	at io.netty.channel.local.LocalChannel.access$11(LocalChannel.java:424)
	at io.netty.channel.local.LocalChannel$5.run(LocalChannel.java:397)
	at io.netty.channel.DefaultEventLoop.run(DefaultEventLoop.java:54)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
	at io.netty.handler.ssl.CipherSuiteConverter.toJava(CipherSuiteConverter.java:281)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.toJavaCipherSuite(ReferenceCountedOpenSslEngine.java:1539)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.access$4(ReferenceCountedOpenSslEngine.java:1533)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine$OpenSslSession.handshakeFinished(ReferenceCountedOpenSslEngine.java:1862)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshake(ReferenceCountedOpenSslEngine.java:1499)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:640)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:509)
	at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:836)
	at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:659)
	at io.netty.handler.ssl.SslHandler.wrapAndFlush(SslHandler.java:631)
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1050)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
	... 15 more

The throw stack looks like this (OcspTest.java:314 throws a IllegalStateException)

java.lang.Exception: Stack trace
	at java.lang.Thread.dumpStack(Thread.java:1333)
	at io.netty.handler.ssl.ocsp.OcspTest$13.staple(OcspTest.java:314)
	at io.netty.handler.ssl.ReferenceCountedOpenSslContext$ServerOcspCallback.callback(ReferenceCountedOpenSslContext.java:893)
	at io.netty.tcnative.jni.SSL.readFromSSL(Native Method)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData(ReferenceCountedOpenSslEngine.java:479)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:936)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1042)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1085)
	at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206)
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1123)
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1045)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
	at io.netty.channel.local.LocalChannel.finishPeerRead0(LocalChannel.java:443)
	at io.netty.channel.local.LocalChannel.access$11(LocalChannel.java:424)
	at io.netty.channel.local.LocalChannel$5.run(LocalChannel.java:397)
	at io.netty.channel.DefaultEventLoop.run(DefaultEventLoop.java:54)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
	at java.lang.Thread.run(Thread.java:745)
@rkapsi rkapsi mentioned this issue Feb 8, 2017
Closed
@Scottmitch
Copy link
Member

any idea what the parameter values are static String toJava(String openSslCipherSuite, String protocol)?

@rkapsi
Copy link
Member Author

rkapsi commented Feb 9, 2017

Will find out tomorrow morning.

@Scottmitch
Copy link
Member

@rkapsi - Just realized you pushed your code so I can do it my self too :)

openSslCipherSuite: "(NONE)"
protocol: "TLS"

@Scottmitch Scottmitch self-assigned this Feb 9, 2017
@Scottmitch Scottmitch added this to the 4.1.9.Final milestone Feb 9, 2017
Scottmitch added a commit to Scottmitch/netty that referenced this issue Feb 13, 2017
@Scottmitch
CipherSuiteConverter NPE
448f4ee 
Motivation:
CipherSuiteConverter may throw a NPE if a cipher suite from OpenSSL does not match the precomputed regular expression for OpenSSL ciphers. This method shouldn't throw and instead just return null.

Modifications:
- if cacheFromOpenSsl(..) fails the conversion toJava should return null

Result:
Fixes netty#6336.
@Scottmitch Scottmitch mentioned this issue Feb 13, 2017
Closed
Scottmitch added a commit that referenced this issue Feb 13, 2017
@Scottmitch
CipherSuiteConverter NPE
f7434c5 
Motivation:
CipherSuiteConverter may throw a NPE if a cipher suite from OpenSSL does not match the precomputed regular expression for OpenSSL ciphers. This method shouldn't throw and instead just return null.

Modifications:
- if cacheFromOpenSsl(..) fails the conversion toJava should return null

Result:
Fixes #6336.
liuzhengyang pushed a commit to liuzhengyang/netty that referenced this issue Sep 10, 2017
@Scottmitch
CipherSuiteConverter NPE
779d222 
Motivation:
CipherSuiteConverter may throw a NPE if a cipher suite from OpenSSL does not match the precomputed regular expression for OpenSSL ciphers. This method shouldn't throw and instead just return null.

Modifications:
- if cacheFromOpenSsl(..) fails the conversion toJava should return null

Result:
Fixes netty#6336.
kiril-me pushed a commit to kiril-me/netty that referenced this issue Feb 28, 2018
@Scottmitch @kiril-me
CipherSuiteConverter NPE
ae7b743 
Motivation:
CipherSuiteConverter may throw a NPE if a cipher suite from OpenSSL does not match the precomputed regular expression for OpenSSL ciphers. This method shouldn't throw and instead just return null.

Modifications:
- if cacheFromOpenSsl(..) fails the conversion toJava should return null

Result:
Fixes netty#6336.
pulllock pushed a commit to pulllock/netty that referenced this issue Oct 19, 2023
@Scottmitch
CipherSuiteConverter NPE
efa371c 
Motivation:
CipherSuiteConverter may throw a NPE if a cipher suite from OpenSSL does not match the precomputed regular expression for OpenSSL ciphers. This method shouldn't throw and instead just return null.

Modifications:
- if cacheFromOpenSsl(..) fails the conversion toJava should return null

Result:
Fixes netty#6336.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Scottmitch Scottmitch

Labels
defect
Projects
None yet
Milestone
4.0.45.Final
Development

No branches or pull requests
3 participants
@rkapsi @normanmaurer @Scottmitch