Re: [tomcat] branch main updated: 66035: Add NULL check on the SSL session reference

Wed, 27 Apr 2022 13:32:33 -0700 

Rémy,

On 4/27/22 07:08, r...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
      new c8ecaa44f6 66035: Add NULL check on the SSL session reference
c8ecaa44f6 is described below

commit c8ecaa44f6a110873bd7bf8b3c2f08354e2900d8
Author: remm <r...@apache.org>
AuthorDate: Wed Apr 27 13:08:08 2022 +0200

     66035: Add NULL check on the SSL session reference
Add NULL check on the SSL session reference in the Panama code before 
     accessing the session id and creation time.
Should this be done in tcnative as well? Or was this intended to be a belt-and-suspenders check to avoid the problem whether or not it exists in tcnative? 

I think the attached patch ought to do it for tcnative.

-chris

=== CUT ===
diff --git a/native/src/ssl.c b/native/src/ssl.c
index d59246ea3..5329a93da 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -2001,8 +2001,12 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, getSessionId)(TCN_STDARGS, jlong ssl) 
     }
     UNREFERENCED(o);
     session = SSL_get_session(ssl_);
-    session_id = SSL_SESSION_get_id(session, &len);
+    if (NULL == session) {
+        tcn_ThrowException(e, "ssl session is null");
+        return NULL;
+    }

+    session_id = SSL_SESSION_get_id(session, &len);
     if (len == 0 || session_id == NULL) {
         return NULL;
     }
diff --git a/native/src/sslnetwork.c b/native/src/sslnetwork.c
index 6e5960f91..46b253ec8 100644
--- a/native/src/sslnetwork.c
+++ b/native/src/sslnetwork.c
@@ -689,7 +689,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, renegotiate)(TCN_STDARGS, 

 #if defined(SSL_OP_NO_TLSv1_3)
     session  = SSL_get_session(con->ssl);
-    if (SSL_SESSION_get_protocol_version(session) == TLS1_3_VERSION) {
+ if (NULL != session && SSL_SESSION_get_protocol_version(session) == TLS1_3_VERSION) { 
         // TLS 1.3 renegotiation
         retVal = SSL_verify_client_post_handshake(con->ssl);
         if (retVal <= 0) {

=== CUT ===



---
  .../org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java   | 7 ++++++-
  webapps/docs/changelog.xml                                         | 4 ++++
  2 files changed, 10 insertions(+), 1 deletion(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index e34759c913..52e0677144 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1568,6 +1568,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
                      var allocator = SegmentAllocator.ofScope(engineScope);
                      MemorySegment lenPointer = 
allocator.allocate(CLinker.C_POINTER);
                      var session = SSL_get_session(state.ssl);
+                    if (MemoryAddress.NULL.equals(session)) {
+                        return new byte[0];
+                    }
                      MemoryAddress sessionId = SSL_SESSION_get_id(session, 
lenPointer);
                      int length = MemoryAccess.getInt(lenPointer);
                      id = (length == 0) ? new byte[0] : 
sessionId.asSegment(length, engineScope).toByteArray();
@@ -1589,7 +1592,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
              synchronized (OpenSSLEngine.this) {
                  if (!destroyed) {
                      var session = SSL_get_session(state.ssl);
-                    creationTime = SSL_SESSION_get_time(session);
+                    if (!MemoryAddress.NULL.equals(session)) {
+                        creationTime = SSL_SESSION_get_time(session);
+                    }
                  }
              }
              return creationTime * 1000L;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3df044a28f..702914aadd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -144,6 +144,10 @@
          Tomcat will not be running on a JRE where these issues are present.
          (markt)
        </scode>
+      <fix>
+        <bug>66035</bug>: Add NULL check on the SSL session reference in the
+        Panama code before accessing the session id and creation time. (remm)
+      </fix>
      </changelog>
    </subsection>
    <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to