[GitHub] [mina-sshd] lgoldstein commented on a diff in pull request #222: SSHD-1266 - fix for issue with critical option data encoding and smal…

GitBox Tue, 10 May 2022 09:04:56 -0700


lgoldstein commented on code in PR #222:
URL: https://github.com/apache/mina-sshd/pull/222#discussion_r869427309



##########
sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java:
##########
@@ -348,29 +348,36 @@ public List<OpenSshCertificate.CertificateOption> 
getCertificateOptions() {
 
     /**
      * According to <A HREF=
-     * 
"https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L222-L262";>PROTOCOL.certkeys</A>:
+     * 
"https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L221-L319";>PROTOCOL.certkeys</A>:
      *
      * Critical Options is a set of bytes that is
      *
-     * [overall length][name(string)][data(string)]...
+     * [overall length][name(string)][[length of buffer][[length of 
string][data(string)]]]...
      *
-     * Where each Critical Option is encoded as a name (string) and data 
(string)
+     * Where each Certificate Option is encoded as a name (string) and buffer 
of data (string packed in a buffer)
      *
-     * Then the entire name + data strings are added as bytes (which will get 
a length prefix)
+     * Then the entire name (string) + data (buffer) are added as bytes (which 
will get a length prefix)
      *
      * @param  charset {@link Charset} to use for converting bytes to 
characters
      * @return         the parsed result, never {@code null}, but possibly 
empty
      */
     public List<OpenSshCertificate.CertificateOption> 
getCertificateOptions(Charset charset) {
-        // pull out entire Critical Options section
-        final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
-
         List<OpenSshCertificate.CertificateOption> list = new ArrayList<>();
 
-        while (optionBuffer.available() > 0) {
-            String name = optionBuffer.getString(charset);
-            String data = 
GenericUtils.trimToEmpty(optionBuffer.getString(charset));
-            list.add(new OpenSshCertificate.CertificateOption(name, 
data.length() > 0 ? data : null));
+        if (available() > 0) {
+            // pull out entire Certificate Options section
+            final ByteArrayBuffer optionBuffer = new 
ByteArrayBuffer(getBytes());

Review Comment:
   No need for *final* keyword



##########
sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java:
##########
@@ -348,29 +348,36 @@ public List<OpenSshCertificate.CertificateOption> 
getCertificateOptions() {
 
     /**
      * According to <A HREF=
-     * 
"https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L222-L262";>PROTOCOL.certkeys</A>:
+     * 
"https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L221-L319";>PROTOCOL.certkeys</A>:
      *
      * Critical Options is a set of bytes that is
      *
-     * [overall length][name(string)][data(string)]...
+     * [overall length][name(string)][[length of buffer][[length of 
string][data(string)]]]...
      *
-     * Where each Critical Option is encoded as a name (string) and data 
(string)
+     * Where each Certificate Option is encoded as a name (string) and buffer 
of data (string packed in a buffer)
      *
-     * Then the entire name + data strings are added as bytes (which will get 
a length prefix)
+     * Then the entire name (string) + data (buffer) are added as bytes (which 
will get a length prefix)
      *
      * @param  charset {@link Charset} to use for converting bytes to 
characters
      * @return         the parsed result, never {@code null}, but possibly 
empty
      */
     public List<OpenSshCertificate.CertificateOption> 
getCertificateOptions(Charset charset) {
-        // pull out entire Critical Options section
-        final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
-
         List<OpenSshCertificate.CertificateOption> list = new ArrayList<>();
 
-        while (optionBuffer.available() > 0) {
-            String name = optionBuffer.getString(charset);
-            String data = 
GenericUtils.trimToEmpty(optionBuffer.getString(charset));
-            list.add(new OpenSshCertificate.CertificateOption(name, 
data.length() > 0 ? data : null));
+        if (available() > 0) {
+            // pull out entire Certificate Options section
+            final ByteArrayBuffer optionBuffer = new 
ByteArrayBuffer(getBytes());

Review Comment:
   Why can't it be `Buffer optionBuffer = new ...` - are you using any 
*ByteArrayBuffer* methods that are not available via the *Buffer* class ?
   
   Hint: recommend to use the "weakest" variable type you need and not what you 
know its full type is.



##########
sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java:
##########
@@ -348,29 +348,36 @@ public List<OpenSshCertificate.CertificateOption> 
getCertificateOptions() {
 
     /**
      * According to <A HREF=
-     * 
"https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L222-L262";>PROTOCOL.certkeys</A>:
+     * 
"https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L221-L319";>PROTOCOL.certkeys</A>:
      *
      * Critical Options is a set of bytes that is
      *
-     * [overall length][name(string)][data(string)]...
+     * [overall length][name(string)][[length of buffer][[length of 
string][data(string)]]]...
      *
-     * Where each Critical Option is encoded as a name (string) and data 
(string)
+     * Where each Certificate Option is encoded as a name (string) and buffer 
of data (string packed in a buffer)
      *
-     * Then the entire name + data strings are added as bytes (which will get 
a length prefix)
+     * Then the entire name (string) + data (buffer) are added as bytes (which 
will get a length prefix)
      *
      * @param  charset {@link Charset} to use for converting bytes to 
characters
      * @return         the parsed result, never {@code null}, but possibly 
empty
      */
     public List<OpenSshCertificate.CertificateOption> 
getCertificateOptions(Charset charset) {
-        // pull out entire Critical Options section
-        final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
-
         List<OpenSshCertificate.CertificateOption> list = new ArrayList<>();
 
-        while (optionBuffer.available() > 0) {
-            String name = optionBuffer.getString(charset);
-            String data = 
GenericUtils.trimToEmpty(optionBuffer.getString(charset));
-            list.add(new OpenSshCertificate.CertificateOption(name, 
data.length() > 0 ? data : null));
+        if (available() > 0) {
+            // pull out entire Certificate Options section
+            final ByteArrayBuffer optionBuffer = new 
ByteArrayBuffer(getBytes());
+
+            while (optionBuffer.available() > 0) {
+                String name = optionBuffer.getString(charset);
+                String data = null;
+                final ByteArrayBuffer dataBuffer = new 
ByteArrayBuffer(optionBuffer.getBytes());

Review Comment:
   Same remarks as before (including no need for *final*)



##########
sshd-core/src/main/java/org/apache/sshd/certificate/OpenSshCertificateBuilder.java:
##########
@@ -104,7 +110,21 @@ public OpenSshCertificateBuilder 
principals(Collection<String> principals) {
     }
 
     public OpenSshCertificateBuilder 
criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions) {
-        this.criticalOptions = criticalOptions;
+        if (criticalOptions != null && !criticalOptions.isEmpty()) {
+            // check if any duplicates
+            Set<String> names = new HashSet<String>();

Review Comment:
   No need to specify type of *HashSet* use diamond...



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[GitHub] [mina-sshd] lgoldstein commented on a diff in pull request #222: SSHD-1266 - fix for issue with critical option data encoding and smal…

Reply via email to