David Handermann created NIFI-14209:
---------------------------------------
Summary: NullPointerException in HostHeaderHandler for Invalid Host Values
Key: NIFI-14209
URL: https://issues.apache.org/jira/browse/NIFI-14209
Project: Apache NiFi
Issue Type: Bug
Affects Versions: 2.2.0
Reporter: David Handermann
Assignee: David Handermann
The {{HostHeaderHandler}} in the framework Jetty Server provides input
validation for the HTTP {{Host}} Header, verifying that it matches an allowed
value based on machine addresses and configured proxy host properties.
Jetty 12 implements Host header checking as part of TLS Server Name Indication
processing, returning an HTTP 400 response when the Host header does not match
a server address and a Subject Alternative Name on the server certificate. In
cases where the server certificate has a valid SAN, but the SAN address is not
the same as the machine address or configured as an allowed proxy host, the
{{HostHeaderHandler}} attempts to return an error message to the HTTP client,
but throws a {{NullPointerException}} for the response stream.
The {{HostHeaderHandler}} implementation should be revisited in light of Jetty
12 TLS Server Name Indication behavior to ensure the configuration aligns. With
Jetty 12 requiring a Subject Alternative Name for the server certificate, the
{{HostHeaderHandler}} may no longer need to perform the same functions, and the
nifi.web.proxy.host property may be an unnecessary check for addresses listed
on the server certificate.
{noformat}
WARN [NiFi Web Server-51] o.a.nifi.web.server.HostHeaderHandler Request URI [https://cube-1/] Host Header [cube-1] not valid
WARN [NiFi Web Server-51] org.eclipse.jetty.server.Response writeError: status=500, message=java.lang.NullPointerException: Cannot invoke "java.io.PrintWriter.println(String)" because "out" is null, response=ErrorResponse@7c3989e8{500,GET@33bab0c9 https://localhost/ HTTP/2.0}
java.lang.NullPointerException: Cannot invoke "java.io.PrintWriter.println(String)" because "out" is null
    at org.apache.nifi.web.server.HostHeaderHandler.handle(HostHeaderHandler.java:192)
    at org.eclipse.jetty.server.Handler$Sequence.handle(Handler.java:805)
    at org.eclipse.jetty.server.Server.handle(Server.java:182)
    at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:662)
    at org.eclipse.jetty.util.thread.Invocable$ReadyTask.run(Invocable.java:175)
    at org.eclipse.jetty.http2.server.internal.HttpStreamOverHTTP2$1.run(HttpStreamOverHTTP2.java:135)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:480)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:443)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:195)
    at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:209)
    at org.eclipse.jetty.http2.server.internal.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:116)
    at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:435)
    at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:125)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99)
    at org.eclipse.jetty.io.ssl.SslConnection$SslEndPoint.onFillable(SslConnection.java:575)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:390)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:150)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99)
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:979)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1209)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1164)
    at java.base/java.lang.Thread.run(Thread.java:1583)
{noformat}
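To check whether an instance is hitting this failure, the following added example (not part of the original issue or of the NiFi code base) pairs each HostHeaderHandler rejection with a later writeError NullPointerException on the same thread, using the two WARN lines from the log above. The sample log, its timestamps and the cube-2 entry are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Patterns follow the two WARN lines quoted in the issue. search() is used,
# so anything before "WARN" (such as a timestamp) is ignored.
REJECTED = re.compile(
    r"WARN \[(?P<thread>[^\]]+)\] \S*HostHeaderHandler "
    r"Request URI \[(?P<uri>[^\]]*)\] Host Header \[(?P<host>[^\]]*)\] not valid"
)
WRITE_ERROR_NPE = re.compile(
    r"WARN \[(?P<thread>[^\]]+)\] org\.eclipse\.jetty\.server\.Response writeError: "
    r"status=500, message=java\.lang\.NullPointerException"
)

# Constructed sample: timestamps and the cube-2 request are invented for the example.
SAMPLE_LOG = '''\
2025-01-01 10:00:00,000 WARN [NiFi Web Server-51] o.a.nifi.web.server.HostHeaderHandler Request URI [https://cube-1/] Host Header [cube-1] not valid
2025-01-01 10:00:00,001 WARN [NiFi Web Server-51] org.eclipse.jetty.server.Response writeError: status=500, message=java.lang.NullPointerException: Cannot invoke "java.io.PrintWriter.println(String)" because "out" is null
    at org.apache.nifi.web.server.HostHeaderHandler.handle(HostHeaderHandler.java:192)
2025-01-01 10:00:05,000 WARN [NiFi Web Server-60] o.a.nifi.web.server.HostHeaderHandler Request URI [https://cube-2/nifi] Host Header [cube-2] not valid
2025-01-01 10:00:06,000 INFO [main] unrelated line
'''


def find_host_header_failures(lines):
    """Return one event per rejected Host header, flagged if an NPE followed."""
    events = []
    pending = {}  # thread name -> most recent rejection not yet paired
    for line in lines:
        m = REJECTED.search(line)
        if m:
            event = {**m.groupdict(), "crashed": False}
            events.append(event)
            pending[m["thread"]] = event
            continue
        m = WRITE_ERROR_NPE.search(line)
        if m and m["thread"] in pending:
            pending.pop(m["thread"])["crashed"] = True
    return events


def crashed_hosts(events):
    """Count Host values whose rejection ended in the HTTP 500 NullPointerException."""
    return Counter(e["host"] for e in events if e["crashed"])


if __name__ == "__main__":
    for host, n in crashed_hosts(find_host_header_failures(SAMPLE_LOG.splitlines())).items():
        print(f"{host}: {n} rejected request(s) ended in HTTP 500")
```

Hosts reported by `crashed_hosts` are the values to compare against the certificate's Subject Alternative Names and the nifi.web.proxy.host setting.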