external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 6b554bbf | patch | commit | ignore whitespace

FIX unused trailing bytes in ASN.1 SEQUENCE (#296)

vharseko

29.09.2023 13fed9d155554880852ee313b65f5b5a4fa0db3d

FIX unused trailing bytes in ASN.1 SEQUENCE (#296)

6 files modified

	.github/workflows/build.yml	24 ●●●●● patch \| view \| raw \| blame \| history
	opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ASN1BufferReader.java	21 ●●●●● patch \| view \| raw \| blame \| history
	opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/DefaultTCPNIOTransport.java	2 ●●●●● patch \| view \| raw \| blame \| history
	opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/LDAPClientFilter.java	2 ●●●●● patch \| view \| raw \| blame \| history
	opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ServerTCPNIOTransport.java	2 ●●●●● patch \| view \| raw \| blame \| history
	opendj-ldap-toolkit/src/test/java/com/forgerock/opendj/ldap/tools/AuthRateITCase.java	4 ●●●●● patch \| view \| raw \| blame \| history

 .github/workflows/build.yml

@@ -41,27 +41,15 @@
         path: ~/.m2/repository
         key: ${{ runner.os }}-m2-repository-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ runner.os }}-m2-repository
    - name: Set Integration Test Environment
      id: maven-profile-flag
      if: runner.os != 'Windows'
      run:   | 
        echo "MAVEN_PROFILE_FLAG=-P precommit" >> $GITHUB_OUTPUT 
    - name: Build with Maven
      env:
        MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
      run: mvn --batch-mode --errors --update-snapshots package --file pom.xml
    - name: IT test
      id: failsafe
      if: runner.os != 'Windows'
      timeout-minutes: 120
      env:
        MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
      run:   |
        cat /etc/hosts
        mvn --batch-mode --errors verify --file opendj-server-legacy/pom.xml -P precommit
    - name: Upload IT test failiure opendj-server-legacy/target
      uses: actions/upload-artifact@v3
      if: failure()
      with:
        name: failsafe-${{ matrix.os }}-${{ matrix.java }}
        retention-days: 5
        path:  |
            opendj-server-legacy/target/
      run: mvn --batch-mode --errors --update-snapshots verify --file pom.xml ${{ steps.maven-profile-flag.outputs.MAVEN_PROFILE_FLAG }}
    - name: Test on Unix
      if: runner.os != 'Windows'
      run:   |

 opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ASN1BufferReader.java

@@ -35,7 +35,13 @@
/** Grizzly ASN1 reader implementation. */
final class ASN1BufferReader extends AbstractASN1Reader {
    private final class ChildSequenceLimiter implements SequenceLimiter {
        private SequenceLimiter parent;
        @Override
        public String toString() {
            return "ChildSequenceLimiter [parent=" + parent + ", child=" + child + ", readLimit=" + readLimit
                    + ", bytesRead=" + bytesRead + ", remaining()=" + remaining() + "]";
        }

        private SequenceLimiter parent;
        private ChildSequenceLimiter child;
        private int readLimit;
        private int bytesRead;
@@ -55,7 +61,7 @@
            parent.checkLimit(remaining());
            if (remaining() > 0) {
                logger.debug(LocalizableMessage.raw(
                    "Ignoring %d unused trailing bytes in ASN.1 SEQUENCE", remaining()));
                    "Ignoring %d unused trailing bytes in ASN.1 SEQUENCE: %s", remaining(),toString()));
            }
            for (int i = 0; i < remaining(); i++) {
                buffer.get();
@@ -81,11 +87,16 @@
    }

    private final class RootSequenceLimiter implements SequenceLimiter {
        private ChildSequenceLimiter child;
        @Override
        public String toString() {
            return "RootSequenceLimiter [remaining()=" + remaining() + "]";
        }

        private ChildSequenceLimiter child;

        @Override
        public void checkLimit(final int readSize) throws IOException {
            if (buffer.remaining() < readSize) {
            if ( remaining() < readSize) {
                final LocalizableMessage message = ERR_ASN1_TRUNCATED_LENGTH_BYTE.get();
                throw DecodeException.fatalError(message);
            }
@@ -99,7 +110,7 @@

        @Override
        public int remaining() {
            return buffer.remaining();
            return buffer.hasRemaining() ? buffer.remaining() : 0;
        }

        @Override

 opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/DefaultTCPNIOTransport.java

@@ -135,7 +135,7 @@
            // Enabled by default.
            builder.setReuseAddress(Boolean.parseBoolean(reuseAddressStr));
        }
        //builder.setMemoryManager(new PooledMemoryManager(true));
        builder.setMemoryManager(new PooledMemoryManager(true));
        

        final TCPNIOTransport transport = builder.build();

 opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/LDAPClientFilter.java

@@ -429,7 +429,7 @@
                return ctx.getStopAction(buffer.duplicate());
            }
            final int length = reader.peekLength();
            final Buffer remainder = buffer.remaining() > length ? buffer.split(buffer.position() + length) : null;
            final Buffer remainder = (buffer.hasRemaining() && buffer.remaining() > length) ? buffer.split(buffer.position() + length) : null;
            buffer.reset();
            try (final ASN1BufferReader packetReader =
                    new ASN1BufferReader(maxASN1ElementSize, buffer.asReadOnlyBuffer())) {

 opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ServerTCPNIOTransport.java

@@ -98,7 +98,7 @@
            builder.setReuseAddress(Boolean.parseBoolean(reuseAddressStr));
        }
        // Force usage of PooledMemoryManager which allows to use grizzly's buffers across threads.
        //builder.setMemoryManager(new PooledMemoryManager(true));
        builder.setMemoryManager(new PooledMemoryManager(true));

        final TCPNIOTransport transport = builder.build();


 opendj-ldap-toolkit/src/test/java/com/forgerock/opendj/ldap/tools/AuthRateITCase.java

@@ -50,7 +50,7 @@
                args("-h", TestCaseUtils.getServerSocketAddress().getHostName(),
                     "-p", Integer.toString(TestCaseUtils.getServerSocketAddress().getPort()),
                     "-g", "rand(0,1000)", "-D", "uid=%d,ou=people,o=test", "-w", "password",
                     "-i", "1", "-c", "1", "-m", "10", "-f", "-S", "-B", "0"),
                     "-i", "1", "-c", "1", "-m", "1000", "-f", "-S", "-B", "0"),
                THROUGHPUT_TEXT, "" },
        };
    }
@@ -74,7 +74,7 @@
                //Skip header line
                for (int i = 1; i < authRateResLines.length; i++) {
                    String[] authRateLineData = authRateResLines[i].split(",");
                    assertThat(authRateLineData[authRateLineData.length - 1].trim()).isEqualTo("0.0");
                    assertThat(authRateLineData[authRateLineData.length - 1].trim()).as(outContent).isEqualTo("0.0");
                }
            }
        }

			@@ -41,27 +41,15 @@
			path: ~/.m2/repository
			key: ${{ runner.os }}-m2-repository-${{ hashFiles('**/pom.xml') }}
			restore-keys: ${{ runner.os }}-m2-repository
			- name: Set Integration Test Environment
			id: maven-profile-flag
			if: runner.os != 'Windows'
			run: \|
			echo "MAVEN_PROFILE_FLAG=-P precommit" >> $GITHUB_OUTPUT
			- name: Build with Maven
			env:
			MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
			run: mvn --batch-mode --errors --update-snapshots package --file pom.xml
			- name: IT test
			id: failsafe
			if: runner.os != 'Windows'
			timeout-minutes: 120
			env:
			MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
			run: \|
			cat /etc/hosts
			mvn --batch-mode --errors verify --file opendj-server-legacy/pom.xml -P precommit
			- name: Upload IT test failiure opendj-server-legacy/target
			uses: actions/upload-artifact@v3
			if: failure()
			with:
			name: failsafe-${{ matrix.os }}-${{ matrix.java }}
			retention-days: 5
			path: \|
			opendj-server-legacy/target/
			run: mvn --batch-mode --errors --update-snapshots verify --file pom.xml ${{ steps.maven-profile-flag.outputs.MAVEN_PROFILE_FLAG }}
			- name: Test on Unix
			if: runner.os != 'Windows'
			run: \|

			@@ -35,7 +35,13 @@
			/** Grizzly ASN1 reader implementation. */
			final class ASN1BufferReader extends AbstractASN1Reader {
			private final class ChildSequenceLimiter implements SequenceLimiter {
			private SequenceLimiter parent;
			@Override
			public String toString() {
			return "ChildSequenceLimiter [parent=" + parent + ", child=" + child + ", readLimit=" + readLimit
			+ ", bytesRead=" + bytesRead + ", remaining()=" + remaining() + "]";
			}

			private SequenceLimiter parent;
			private ChildSequenceLimiter child;
			private int readLimit;
			private int bytesRead;
			@@ -55,7 +61,7 @@
			parent.checkLimit(remaining());
			if (remaining() > 0) {
			logger.debug(LocalizableMessage.raw(
			"Ignoring %d unused trailing bytes in ASN.1 SEQUENCE", remaining()));
			"Ignoring %d unused trailing bytes in ASN.1 SEQUENCE: %s", remaining(),toString()));
			}
			for (int i = 0; i < remaining(); i++) {
			buffer.get();
			@@ -81,11 +87,16 @@
			}

			private final class RootSequenceLimiter implements SequenceLimiter {
			private ChildSequenceLimiter child;
			@Override
			public String toString() {
			return "RootSequenceLimiter [remaining()=" + remaining() + "]";
			}

			private ChildSequenceLimiter child;

			@Override
			public void checkLimit(final int readSize) throws IOException {
			if (buffer.remaining() < readSize) {
			if ( remaining() < readSize) {
			final LocalizableMessage message = ERR_ASN1_TRUNCATED_LENGTH_BYTE.get();
			throw DecodeException.fatalError(message);
			}
			@@ -99,7 +110,7 @@

			@Override
			public int remaining() {
			return buffer.remaining();
			return buffer.hasRemaining() ? buffer.remaining() : 0;
			}

			@Override

			@@ -135,7 +135,7 @@
			// Enabled by default.
			builder.setReuseAddress(Boolean.parseBoolean(reuseAddressStr));
			}
			//builder.setMemoryManager(new PooledMemoryManager(true));
			builder.setMemoryManager(new PooledMemoryManager(true));


			final TCPNIOTransport transport = builder.build();

			@@ -429,7 +429,7 @@
			return ctx.getStopAction(buffer.duplicate());
			}
			final int length = reader.peekLength();
			final Buffer remainder = buffer.remaining() > length ? buffer.split(buffer.position() + length) : null;
			final Buffer remainder = (buffer.hasRemaining() && buffer.remaining() > length) ? buffer.split(buffer.position() + length) : null;
			buffer.reset();
			try (final ASN1BufferReader packetReader =
			new ASN1BufferReader(maxASN1ElementSize, buffer.asReadOnlyBuffer())) {

			@@ -98,7 +98,7 @@
			builder.setReuseAddress(Boolean.parseBoolean(reuseAddressStr));
			}
			// Force usage of PooledMemoryManager which allows to use grizzly's buffers across threads.
			//builder.setMemoryManager(new PooledMemoryManager(true));
			builder.setMemoryManager(new PooledMemoryManager(true));

			final TCPNIOTransport transport = builder.build();

			@@ -50,7 +50,7 @@
			args("-h", TestCaseUtils.getServerSocketAddress().getHostName(),
			"-p", Integer.toString(TestCaseUtils.getServerSocketAddress().getPort()),
			"-g", "rand(0,1000)", "-D", "uid=%d,ou=people,o=test", "-w", "password",
			"-i", "1", "-c", "1", "-m", "10", "-f", "-S", "-B", "0"),
			"-i", "1", "-c", "1", "-m", "1000", "-f", "-S", "-B", "0"),
			THROUGHPUT_TEXT, "" },
			};
			}
			@@ -74,7 +74,7 @@
			//Skip header line
			for (int i = 1; i < authRateResLines.length; i++) {
			String[] authRateLineData = authRateResLines[i].split(",");
			assertThat(authRateLineData[authRateLineData.length - 1].trim()).isEqualTo("0.0");
			assertThat(authRateLineData[authRateLineData.length - 1].trim()).as(outContent).isEqualTo("0.0");
			}
			}
			}