mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

boli
18.32.2009 556c5bc192b91d7c7423ac8f5769369818862d62
Fix for issue 4229: Removed call to getHostName for now to prevent the connection handler thread from hanging and causing potential DoS attacks.
1 files modified
13 ■■■■ changed files
opends/src/server/org/opends/server/extensions/TLSByteChannel.java
@@ -96,9 +96,16 @@
        this.socketChannel = socketChannel;
        this.connection = c;
        String hostName = socketChannel.socket().getInetAddress().getHostName();
        int port = socketChannel.socket().getPort();
        sslEngine = sslContext.createSSLEngine(hostName, port);
      // getHostName could potentially be very expensive and could block
      // the connection handler for several minutes. (See issue 4229)
      // Accepting new connections should be done in a seperate thread to
      // avoid blocking new connections. Just remove for now to prevent
      // potential DoS attacks. SSL sessions will not be reused and some
      // cipher suites (such as Kerberos) will not work.
      //String hostName = socketChannel.socket().getInetAddress().getHostName();
      //int port = socketChannel.socket().getPort();
      //sslEngine = sslContext.createSSLEngine(hostName, port);
        sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false);
        Set<String> protocols = config.getSSLProtocol();
        if (!protocols.isEmpty())