From 13fed9d155554880852ee313b65f5b5a4fa0db3d Mon Sep 17 00:00:00 2001
From: vharseko <vharseko@3a-systems.ru>
Date: Tue, 29 Aug 2023 15:09:45 +0000
Subject: [PATCH] FIX unused trailing bytes in ASN.1 SEQUENCE (#296)
---
opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/DefaultTCPNIOTransport.java | 2 +-
opendj-ldap-toolkit/src/test/java/com/forgerock/opendj/ldap/tools/AuthRateITCase.java | 4 ++--
opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/LDAPClientFilter.java | 2 +-
opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ServerTCPNIOTransport.java | 2 +-
.github/workflows/build.yml | 24 ++++++------------------
opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ASN1BufferReader.java | 21 ++++++++++++++++-----
6 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0210d2a..d0f7fef 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -41,27 +41,15 @@
path: ~/.m2/repository
key: ${{ runner.os }}-m2-repository-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2-repository
+ - name: Set Integration Test Environment
+ id: maven-profile-flag
+ if: runner.os != 'Windows'
+ run: |
+ echo "MAVEN_PROFILE_FLAG=-P precommit" >> $GITHUB_OUTPUT
- name: Build with Maven
env:
MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
- run: mvn --batch-mode --errors --update-snapshots package --file pom.xml
- - name: IT test
- id: failsafe
- if: runner.os != 'Windows'
- timeout-minutes: 120
- env:
- MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
- run: |
- cat /etc/hosts
- mvn --batch-mode --errors verify --file opendj-server-legacy/pom.xml -P precommit
- - name: Upload IT test failiure opendj-server-legacy/target
- uses: actions/upload-artifact@v3
- if: failure()
- with:
- name: failsafe-${{ matrix.os }}-${{ matrix.java }}
- retention-days: 5
- path: |
- opendj-server-legacy/target/
+ run: mvn --batch-mode --errors --update-snapshots verify --file pom.xml ${{ steps.maven-profile-flag.outputs.MAVEN_PROFILE_FLAG }}
- name: Test on Unix
if: runner.os != 'Windows'
run: |
diff --git a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ASN1BufferReader.java b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ASN1BufferReader.java
index 86c5b54..4610407 100644
--- a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ASN1BufferReader.java
+++ b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ASN1BufferReader.java
@@ -35,7 +35,13 @@
/** Grizzly ASN1 reader implementation. */
final class ASN1BufferReader extends AbstractASN1Reader {
private final class ChildSequenceLimiter implements SequenceLimiter {
- private SequenceLimiter parent;
+ @Override
+ public String toString() {
+ return "ChildSequenceLimiter [parent=" + parent + ", child=" + child + ", readLimit=" + readLimit
+ + ", bytesRead=" + bytesRead + ", remaining()=" + remaining() + "]";
+ }
+
+ private SequenceLimiter parent;
private ChildSequenceLimiter child;
private int readLimit;
private int bytesRead;
@@ -55,7 +61,7 @@
parent.checkLimit(remaining());
if (remaining() > 0) {
logger.debug(LocalizableMessage.raw(
- "Ignoring %d unused trailing bytes in ASN.1 SEQUENCE", remaining()));
+ "Ignoring %d unused trailing bytes in ASN.1 SEQUENCE: %s", remaining(),toString()));
}
for (int i = 0; i < remaining(); i++) {
buffer.get();
@@ -81,11 +87,16 @@
}
private final class RootSequenceLimiter implements SequenceLimiter {
- private ChildSequenceLimiter child;
+ @Override
+ public String toString() {
+ return "RootSequenceLimiter [remaining()=" + remaining() + "]";
+ }
+
+ private ChildSequenceLimiter child;
@Override
public void checkLimit(final int readSize) throws IOException {
- if (buffer.remaining() < readSize) {
+ if ( remaining() < readSize) {
final LocalizableMessage message = ERR_ASN1_TRUNCATED_LENGTH_BYTE.get();
throw DecodeException.fatalError(message);
}
@@ -99,7 +110,7 @@
@Override
public int remaining() {
- return buffer.remaining();
+ return buffer.hasRemaining() ? buffer.remaining() : 0;
}
@Override
diff --git a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/DefaultTCPNIOTransport.java b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/DefaultTCPNIOTransport.java
index 84232dc..39c0313 100644
--- a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/DefaultTCPNIOTransport.java
+++ b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/DefaultTCPNIOTransport.java
@@ -135,7 +135,7 @@
// Enabled by default.
builder.setReuseAddress(Boolean.parseBoolean(reuseAddressStr));
}
- //builder.setMemoryManager(new PooledMemoryManager(true));
+ builder.setMemoryManager(new PooledMemoryManager(true));
final TCPNIOTransport transport = builder.build();
diff --git a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/LDAPClientFilter.java b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/LDAPClientFilter.java
index f3636e3..78e57ae 100644
--- a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/LDAPClientFilter.java
+++ b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/LDAPClientFilter.java
@@ -429,7 +429,7 @@
return ctx.getStopAction(buffer.duplicate());
}
final int length = reader.peekLength();
- final Buffer remainder = buffer.remaining() > length ? buffer.split(buffer.position() + length) : null;
+ final Buffer remainder = (buffer.hasRemaining() && buffer.remaining() > length) ? buffer.split(buffer.position() + length) : null;
buffer.reset();
try (final ASN1BufferReader packetReader =
new ASN1BufferReader(maxASN1ElementSize, buffer.asReadOnlyBuffer())) {
diff --git a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ServerTCPNIOTransport.java b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ServerTCPNIOTransport.java
index 285c519..4329cc4 100644
--- a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ServerTCPNIOTransport.java
+++ b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/ServerTCPNIOTransport.java
@@ -98,7 +98,7 @@
builder.setReuseAddress(Boolean.parseBoolean(reuseAddressStr));
}
// Force usage of PooledMemoryManager which allows to use grizzly's buffers across threads.
- //builder.setMemoryManager(new PooledMemoryManager(true));
+ builder.setMemoryManager(new PooledMemoryManager(true));
final TCPNIOTransport transport = builder.build();
diff --git a/opendj-ldap-toolkit/src/test/java/com/forgerock/opendj/ldap/tools/AuthRateITCase.java b/opendj-ldap-toolkit/src/test/java/com/forgerock/opendj/ldap/tools/AuthRateITCase.java
index fc00634..e8e7c02 100644
--- a/opendj-ldap-toolkit/src/test/java/com/forgerock/opendj/ldap/tools/AuthRateITCase.java
+++ b/opendj-ldap-toolkit/src/test/java/com/forgerock/opendj/ldap/tools/AuthRateITCase.java
@@ -50,7 +50,7 @@
args("-h", TestCaseUtils.getServerSocketAddress().getHostName(),
"-p", Integer.toString(TestCaseUtils.getServerSocketAddress().getPort()),
"-g", "rand(0,1000)", "-D", "uid=%d,ou=people,o=test", "-w", "password",
- "-i", "1", "-c", "1", "-m", "10", "-f", "-S", "-B", "0"),
+ "-i", "1", "-c", "1", "-m", "1000", "-f", "-S", "-B", "0"),
THROUGHPUT_TEXT, "" },
};
}
@@ -74,7 +74,7 @@
//Skip header line
for (int i = 1; i < authRateResLines.length; i++) {
String[] authRateLineData = authRateResLines[i].split(",");
- assertThat(authRateLineData[authRateLineData.length - 1].trim()).isEqualTo("0.0");
+ assertThat(authRateLineData[authRateLineData.length - 1].trim()).as(outContent).isEqualTo("0.0");
}
}
}
--
Gitblit v1.10.0