(rocketmq) branch develop updated: [ISSUE #7752] Fix ppv2 tls ascii start with (byte)2 (#7753)

Sun, 14 Jan 2024 23:18:57 -0800 

This is an automated email from the ASF dual-hosted git repository.

jinrongtong pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git


The following commit(s) were added to refs/heads/develop by this push:
     new 89fdab4d58 [ISSUE #7752] Fix ppv2 tls ascii start with (byte)2 (#7753)
89fdab4d58 is described below

commit 89fdab4d5830ce749e79ad5372d2b349e376c45a
Author: dingshuangxi888 <[email protected]>
AuthorDate: Mon Jan 15 15:18:45 2024 +0800

    [ISSUE #7752] Fix ppv2 tls ascii start with (byte)2 (#7753)
    
    * Fix ascii validate for ppv2 tls.
    
    * fix ppv2 tls ascii check
    
    ---------
    
    Co-authored-by: ShuangxiDing <[email protected]>
---
 .../rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java       | 9 +++++----
 .../org/apache/rocketmq/remoting/netty/NettyRemotingServer.java  | 9 +++++----
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git 
a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
 
b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
index b584ddfbdc..cdf33165d7 100644
--- 
a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
+++ 
b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
@@ -41,6 +41,7 @@ import 
io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactor
 import io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate;
 import io.grpc.netty.shaded.io.netty.util.AsciiString;
 import io.grpc.netty.shaded.io.netty.util.CharsetUtil;
+import java.nio.charset.StandardCharsets;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.rocketmq.common.constant.HAProxyConstants;
@@ -193,13 +194,13 @@ public class ProxyAndTlsProtocolNegotiator implements 
InternalProtocolNegotiator
                 }
                 if (CollectionUtils.isNotEmpty(msg.tlvs())) {
                     msg.tlvs().forEach(tlv -> {
-                        byte[] valueBytes = 
ByteBufUtil.getBytes(tlv.content());
-                        if (!BinaryUtil.isAscii(valueBytes)) {
-                            return;
-                        }
                         Attributes.Key<String> key = AttributeKeys.valueOf(
                                 HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX + 
String.format("%02x", tlv.typeByteValue()));
+                        byte[] valueBytes = 
ByteBufUtil.getBytes(tlv.content());
                         String value = StringUtils.trim(new String(valueBytes, 
CharsetUtil.UTF_8));
+                        if 
(!BinaryUtil.isAscii(value.getBytes(StandardCharsets.UTF_8))) {
+                            return;
+                        }
                         builder.set(key, value);
                     });
                 }
diff --git 
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
 
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
index 735d36168f..7213b0c24f 100644
--- 
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
+++ 
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
@@ -55,6 +55,7 @@ import io.netty.util.TimerTask;
 import io.netty.util.concurrent.DefaultEventExecutorGroup;
 import java.io.IOException;
 import java.net.InetSocketAddress;
+import java.nio.charset.StandardCharsets;
 import java.security.cert.CertificateException;
 import java.time.Duration;
 import java.util.List;
@@ -794,13 +795,13 @@ public class NettyRemotingServer extends 
NettyRemotingAbstract implements Remoti
                 }
                 if (CollectionUtils.isNotEmpty(msg.tlvs())) {
                     msg.tlvs().forEach(tlv -> {
+                        AttributeKey<String> key = AttributeKeys.valueOf(
+                            HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX + 
String.format("%02x", tlv.typeByteValue()));
                         byte[] valueBytes = 
ByteBufUtil.getBytes(tlv.content());
-                        if (!BinaryUtil.isAscii(valueBytes)) {
+                        String value = StringUtils.trim(new String(valueBytes, 
CharsetUtil.UTF_8));
+                        if 
(!BinaryUtil.isAscii(value.getBytes(StandardCharsets.UTF_8))) {
                             return;
                         }
-                        AttributeKey<String> key = AttributeKeys.valueOf(
-                                HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX + 
String.format("%02x", tlv.typeByteValue()));
-                        String value = StringUtils.trim(new String(valueBytes, 
CharsetUtil.UTF_8));
                         channel.attr(key).set(value);
                     });
                 }

Reply via email to