[dubbo] branch 3.1 updated: triple serialize check (#11984)

Thu, 06 Apr 2023 04:32:43 -0700 

This is an automated email from the ASF dual-hosted git repository.

albumenj pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/dubbo.git


The following commit(s) were added to refs/heads/3.1 by this push:
     new 03647452d5 triple serialize check (#11984)
03647452d5 is described below

commit 03647452d5a9b4dc2acafc531f4f26e45fef556c
Author: earthchen <[email protected]>
AuthorDate: Thu Apr 6 19:32:21 2023 +0800

    triple serialize check (#11984)
    
    * no wrap
    
    * remove unused code
    
    * fix ut
    
    * fix ut
---
 .../dubbo/remoting/transport/CodecSupport.java     |  7 +++++
 .../rpc/protocol/tri/ReflectionPackableMethod.java | 31 +++++++++++++++++-----
 2 files changed, 32 insertions(+), 6 deletions(-)

diff --git 
a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
 
b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
index affbb88535..591c38b862 100644
--- 
a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
+++ 
b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
@@ -184,4 +184,11 @@ public class CodecSupport {
     }
 
 
+    public static void checkSerialization(String expectSerializeName, String 
actualSerializeName)throws IOException {
+        if (expectSerializeName.equals(actualSerializeName)
+            && SERIALIZATIONNAME_ID_MAP.containsKey(expectSerializeName)) {
+            return;
+        }
+        throw new IOException("Unexpected serialization type:" + 
actualSerializeName + " received from network, please check if the peer send 
the right id.");
+    }
 }
diff --git 
a/dubbo-rpc/dubbo-rpc-triple/src/main/java/org/apache/dubbo/rpc/protocol/tri/ReflectionPackableMethod.java
 
b/dubbo-rpc/dubbo-rpc-triple/src/main/java/org/apache/dubbo/rpc/protocol/tri/ReflectionPackableMethod.java
index 52e6afc01f..8c52ab8ad1 100644
--- 
a/dubbo-rpc/dubbo-rpc-triple/src/main/java/org/apache/dubbo/rpc/protocol/tri/ReflectionPackableMethod.java
+++ 
b/dubbo-rpc/dubbo-rpc-triple/src/main/java/org/apache/dubbo/rpc/protocol/tri/ReflectionPackableMethod.java
@@ -23,6 +23,7 @@ import 
org.apache.dubbo.common.serialize.MultipleSerialization;
 import org.apache.dubbo.common.serialize.support.DefaultSerializationSelector;
 import org.apache.dubbo.common.stream.StreamObserver;
 import org.apache.dubbo.config.Constants;
+import org.apache.dubbo.remoting.transport.CodecSupport;
 import org.apache.dubbo.rpc.model.MethodDescriptor;
 import org.apache.dubbo.rpc.model.PackableMethod;
 
@@ -91,11 +92,14 @@ public class ReflectionPackableMethod implements 
PackableMethod {
                 
.getExtension(url.getParameter(Constants.MULTI_SERIALIZATION_KEY,
                     CommonConstants.DEFAULT_KEY));
 
+            // client
             this.requestPack = new WrapRequestPack(serialization, url, 
serializeName, actualRequestTypes,
                 singleArgument);
-            this.responsePack = new WrapResponsePack(serialization, url, 
actualResponseType);
-            this.requestUnpack = new WrapRequestUnpack(serialization, url, 
actualRequestTypes);
-            this.responseUnpack = new WrapResponseUnpack(serialization, url, 
actualResponseType);
+            this.responseUnpack = new WrapResponseUnpack(serialization, url, 
serializeName, actualResponseType);
+
+            // server
+            this.responsePack = new WrapResponsePack(serialization, url, 
serializeName, actualResponseType);
+            this.requestUnpack = new WrapRequestUnpack(serialization, url, 
serializeName, actualRequestTypes);
         }
     }
 
@@ -310,13 +314,15 @@ public class ReflectionPackableMethod implements 
PackableMethod {
         private final URL url;
 
         private final Class<?> actualResponseType;
+        // wrapper request set serialize type
         String serialize;
 
-        private WrapResponsePack(MultipleSerialization multipleSerialization, 
URL url,
+        private WrapResponsePack(MultipleSerialization multipleSerialization, 
URL url, String defaultSerialize,
                                  Class<?> actualResponseType) {
             this.multipleSerialization = multipleSerialization;
             this.url = url;
             this.actualResponseType = actualResponseType;
+            this.serialize = defaultSerialize;
         }
 
         @Override
@@ -338,11 +344,14 @@ public class ReflectionPackableMethod implements 
PackableMethod {
         private final URL url;
         private final Class<?> returnClass;
 
+        private final String requestSerializeName;
+
 
-        private WrapResponseUnpack(MultipleSerialization serialization, URL 
url, Class<?> returnClass) {
+        private WrapResponseUnpack(MultipleSerialization serialization, URL 
url, String requestSerializeName, Class<?> returnClass) {
             this.serialization = serialization;
             this.url = url;
             this.returnClass = returnClass;
+            this.requestSerializeName = requestSerializeName;
         }
 
         @Override
@@ -350,6 +359,9 @@ public class ReflectionPackableMethod implements 
PackableMethod {
             TripleCustomerProtocolWapper.TripleResponseWrapper wrapper = 
TripleCustomerProtocolWapper.TripleResponseWrapper
                 .parseFrom(data);
             final String serializeType = 
convertHessianFromWrapper(wrapper.getSerializeType());
+
+            CodecSupport.checkSerialization(requestSerializeName, 
serializeType);
+
             ByteArrayInputStream bais = new 
ByteArrayInputStream(wrapper.getData());
             return serialization.deserialize(url, serializeType, returnClass, 
bais);
         }
@@ -440,16 +452,23 @@ public class ReflectionPackableMethod implements 
PackableMethod {
 
         private final Class<?>[] actualRequestTypes;
 
-        private WrapRequestUnpack(MultipleSerialization serialization, URL 
url, Class<?>[] actualRequestTypes) {
+        private final String serializeName;
+
+        private WrapRequestUnpack(MultipleSerialization serialization, URL 
url, String serializeName, Class<?>[] actualRequestTypes) {
             this.serialization = serialization;
             this.url = url;
             this.actualRequestTypes = actualRequestTypes;
+            this.serializeName = serializeName;
         }
 
         @Override
         public Object unpack(byte[] data) throws IOException, 
ClassNotFoundException {
             TripleCustomerProtocolWapper.TripleRequestWrapper wrapper = 
TripleCustomerProtocolWapper.TripleRequestWrapper.parseFrom(
                 data);
+
+            String wrapperSerializeType = 
convertHessianFromWrapper(wrapper.getSerializeType());
+            CodecSupport.checkSerialization(serializeName, 
wrapperSerializeType);
+
             Object[] ret = new Object[wrapper.getArgs().size()];
             ((WrapResponsePack) responsePack).serialize = 
wrapper.getSerializeType();
             for (int i = 0; i < wrapper.getArgs().size(); i++) {

Reply via email to