Merge pull request #1471 from baranowb/UNDERTOW-2093_2

fl4via · web-flow · commit 023e16c53fab · 2023-04-23T00:40:17.000-03:00
[UNDERTOW-2263] UNDERTOW-2093 detailed followup
diff --git a/core/src/main/java/io/undertow/UndertowLogger.java b/core/src/main/java/io/undertow/UndertowLogger.java
@@ -452,4 +452,16 @@ void nodeConfigCreated(URI connectionURI, String balancer, String domain, String
     @LogMessage(level = DEBUG)
     @Message(id = 5098, value = "GSSAPI negotiation failed for %s")
     void failedToNegotiateAtGSSAPI(final HttpServerExchange exchange, final @Cause Throwable e);
+
+    @LogMessage(level = WARN)
+    @Message(id = 5099, value = "Failed to create SSO for session '%s'")
+    void failedToCreateSSOForSession(final String sessionId);
+
+    @LogMessage(level = DEBUG)
+    @Message(id = 5100, value = "Failed to list paths for '%s'")
+    void failedToListPathsForFile(final Path f);
+
+    @LogMessage(level = DEBUG)
+    @Message(id = 5101, value = "No source to list resources from")
+    void noSourceToListResourcesFrom();
 }
diff --git a/core/src/main/java/io/undertow/UndertowMessages.java b/core/src/main/java/io/undertow/UndertowMessages.java
@@ -647,4 +647,7 @@ public interface UndertowMessages {
     @Message(id = 207, value = "Invalid SNI hostname '%s'")
     IllegalArgumentException invalidSniHostname(String hostNameValue, @Cause Throwable t);
 
+    @Message(id = 208, value = "Failed to allocate resource")
+    IOException failedToAllocateResource();
+
 }
diff --git a/core/src/main/java/io/undertow/io/BlockingReceiverImpl.java b/core/src/main/java/io/undertow/io/BlockingReceiverImpl.java
@@ -121,10 +121,14 @@ public void receiveFullString(final FullStringCallback callback, final ErrorCall
         }
         int s;
         try (PooledByteBuffer pooled = exchange.getConnection().getByteBufferPool().getArrayBackedPool().allocate()) {
-            while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
-                sb.write(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), s);
+            if (pooled != null) {
+                while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
+                    sb.write(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), s);
+                }
+                callback.handle(exchange, sb.toString(charset.name()));
+            } else {
+                throw UndertowMessages.MESSAGES.failedToAllocateResource();
             }
-            callback.handle(exchange, sb.toString(charset.name()));
         } catch (IOException e) {
             error.error(exchange, e);
         }
@@ -169,13 +173,17 @@ public void receivePartialString(final PartialStringCallback callback, final Err
         CharsetDecoder decoder = charset.newDecoder();
         int s;
         try (PooledByteBuffer pooled = exchange.getConnection().getByteBufferPool().getArrayBackedPool().allocate()) {
-            while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
-                pooled.getBuffer().limit(s);
-                CharBuffer res = decoder.decode(pooled.getBuffer());
-                callback.handle(exchange, res.toString(), false);
-                pooled.getBuffer().clear();
+            if (pooled != null) {
+                while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
+                    pooled.getBuffer().limit(s);
+                    CharBuffer res = decoder.decode(pooled.getBuffer());
+                    callback.handle(exchange, res.toString(), false);
+                    pooled.getBuffer().clear();
+                }
+                callback.handle(exchange, "", true);
+            } else {
+                throw UndertowMessages.MESSAGES.failedToAllocateResource();
             }
-            callback.handle(exchange, "", true);
         } catch (IOException e) {
             error.error(exchange, e);
         }
@@ -222,10 +230,14 @@ public void receiveFullBytes(final FullBytesCallback callback, final ErrorCallba
         }
         int s;
         try (PooledByteBuffer pooled = exchange.getConnection().getByteBufferPool().getArrayBackedPool().allocate()) {
-            while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
-                sb.write(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), s);
+            if (pooled != null) {
+                while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
+                    sb.write(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), s);
+                }
+                callback.handle(exchange, sb.toByteArray());
+            } else {
+                throw UndertowMessages.MESSAGES.failedToAllocateResource();
             }
-            callback.handle(exchange, sb.toByteArray());
         } catch (IOException e) {
             error.error(exchange, e);
         }
@@ -269,12 +281,16 @@ public void receivePartialBytes(final PartialBytesCallback callback, final Error
         }
         int s;
         try (PooledByteBuffer pooled = exchange.getConnection().getByteBufferPool().getArrayBackedPool().allocate()) {
-            while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
-                byte[] newData = new byte[s];
-                System.arraycopy(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), newData, 0, s);
-                callback.handle(exchange, newData, false);
+            if (pooled != null) {
+                while ((s = inputStream.read(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), pooled.getBuffer().remaining())) > 0) {
+                    byte[] newData = new byte[s];
+                    System.arraycopy(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), newData, 0, s);
+                    callback.handle(exchange, newData, false);
+                }
+                callback.handle(exchange, EMPTY_BYTE_ARRAY, true);
+            } else {
+                throw UndertowMessages.MESSAGES.failedToAllocateResource();
             }
-            callback.handle(exchange, EMPTY_BYTE_ARRAY, true);
         } catch (IOException e) {
             error.error(exchange, e);
         }
diff --git a/core/src/main/java/io/undertow/io/BlockingSenderImpl.java b/core/src/main/java/io/undertow/io/BlockingSenderImpl.java
@@ -196,23 +196,26 @@ private void performTransfer(FileChannel source, IoCallback callback) {
             }
         } else {
             try (PooledByteBuffer pooled = exchange.getConnection().getByteBufferPool().getArrayBackedPool().allocate()){
-                ByteBuffer buffer = pooled.getBuffer();
-                long pos = source.position();
-                long size = source.size();
-                while (size - pos > 0) {
-                    int ret = source.read(buffer);
-                    if (ret <= 0) {
-                        break;
+                if(pooled != null) {
+                    ByteBuffer buffer = pooled.getBuffer();
+                    long pos = source.position();
+                    long size = source.size();
+                    while (size - pos > 0) {
+                        int ret = source.read(buffer);
+                        if (ret <= 0) {
+                            break;
+                        }
+                        pos += ret;
+                        outputStream.write(buffer.array(), buffer.arrayOffset(), ret);
+                        buffer.clear();
                     }
-                    pos += ret;
-                    outputStream.write(buffer.array(), buffer.arrayOffset(), ret);
-                    buffer.clear();
-                }
 
-                if (pos != size) {
-                    throw new EOFException("Unexpected EOF reading file");
+                    if (pos != size) {
+                        throw new EOFException("Unexpected EOF reading file");
+                    }
+                } else {
+                    throw UndertowMessages.MESSAGES.failedToAllocateResource();
                 }
-
             }  catch (IOException e) {
                 callback.onException(exchange, this, e);
             }
@@ -259,16 +262,23 @@ private boolean writeBuffer(final ByteBuffer[] buffers, final IoCallback callbac
                 }
             } else {
                 try (PooledByteBuffer pooled = exchange.getConnection().getByteBufferPool().getArrayBackedPool().allocate()) {
-                    while (buffer.hasRemaining()) {
-                        int toRead = Math.min(buffer.remaining(), pooled.getBuffer().remaining());
-                        buffer.get(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), toRead);
-                        try {
-                            outputStream.write(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), toRead);
-                        } catch (IOException e) {
-                            callback.onException(exchange, this, e);
-                            return false;
+                    if(pooled != null) {
+                        while (buffer.hasRemaining()) {
+                            int toRead = Math.min(buffer.remaining(), pooled.getBuffer().remaining());
+                            buffer.get(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), toRead);
+                            try {
+                                outputStream.write(pooled.getBuffer().array(), pooled.getBuffer().arrayOffset(), toRead);
+                            } catch (IOException e) {
+                                callback.onException(exchange, this, e);
+                                return false;
+                            }
                         }
+                    } else {
+                        throw UndertowMessages.MESSAGES.failedToAllocateResource();
                     }
+                } catch (IOException e) {
+                    callback.onException(exchange, this, e);
+                    return false;
                 }
             }
         }
diff --git a/core/src/main/java/io/undertow/security/impl/SingleSignOnAuthenticationMechanism.java b/core/src/main/java/io/undertow/security/impl/SingleSignOnAuthenticationMechanism.java
@@ -18,6 +18,7 @@
 
 package io.undertow.security.impl;
 
+import io.undertow.UndertowLogger;
 import io.undertow.security.api.AuthenticationMechanism;
 import io.undertow.security.api.NotificationReceiver;
 import io.undertow.security.api.SecurityContext;
@@ -120,6 +121,8 @@ public void handleNotification(SecurityNotification notification) {
                     });
                     log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
                     return AuthenticationMechanismOutcome.AUTHENTICATED;
+                } else {
+
                 }
             }
             clearSsoCookie(exchange);
@@ -168,9 +171,13 @@ public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpSer
             Account account = sc.getAuthenticatedAccount();
             if (account != null) {
                 try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(account, sc.getMechanismName())) {
-                    Session session = getSession(exchange);
-                    registerSessionIfRequired(sso, session);
-                    exchange.setResponseCookie(new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path));
+                    final Session session = getSession(exchange);
+                    if(sso != null) {
+                        registerSessionIfRequired(sso, session);
+                        exchange.setResponseCookie(new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path));
+                    } else {
+                        UndertowLogger.SECURITY_LOGGER.failedToCreateSSOForSession(SSO_SESSION_ATTRIBUTE);
+                    }
                 }
             }
             return factory.create();
diff --git a/core/src/main/java/io/undertow/server/handlers/form/MultiPartParserDefinition.java b/core/src/main/java/io/undertow/server/handlers/form/MultiPartParserDefinition.java
@@ -220,22 +220,26 @@ public FormData parseBlocking() throws IOException {
                 throw new IOException(UndertowMessages.MESSAGES.requestChannelAlreadyProvided());
             }
             try (PooledByteBuffer pooled = exchange.getConnection().getByteBufferPool().getArrayBackedPool().allocate()){
-                ByteBuffer buf = pooled.getBuffer();
-                while (true) {
-                    buf.clear();
-                    int c = inputStream.read(buf.array(), buf.arrayOffset(), buf.remaining());
-                    if (c == -1) {
-                        if (parser.isComplete()) {
-                            break;
-                        } else {
-                            throw UndertowMessages.MESSAGES.connectionTerminatedReadingMultiPartData();
+                if(pooled != null) {
+                    ByteBuffer buf = pooled.getBuffer();
+                    while (true) {
+                        buf.clear();
+                        int c = inputStream.read(buf.array(), buf.arrayOffset(), buf.remaining());
+                        if (c == -1) {
+                            if (parser.isComplete()) {
+                                break;
+                            } else {
+                                throw UndertowMessages.MESSAGES.connectionTerminatedReadingMultiPartData();
+                            }
+                        } else if (c != 0) {
+                            buf.limit(c);
+                            parser.parse(buf);
                         }
-                    } else if (c != 0) {
-                        buf.limit(c);
-                        parser.parse(buf);
                     }
+                    exchange.putAttachment(FORM_DATA, data);
+                } else {
+                    throw UndertowMessages.MESSAGES.failedToAllocateResource();
                 }
-                exchange.putAttachment(FORM_DATA, data);
             } catch (MalformedMessageException e) {
                 throw new IOException(e);
             }
diff --git a/core/src/main/java/io/undertow/server/handlers/resource/PathResource.java b/core/src/main/java/io/undertow/server/handlers/resource/PathResource.java
@@ -93,8 +93,12 @@ public boolean isDirectory() {
     public List<Resource> list() {
         final List<Resource> resources = new ArrayList<>();
         try (DirectoryStream<Path> stream = Files.newDirectoryStream(file)) {
-            for (Path child : stream) {
-                resources.add(new PathResource(child, manager, path + file.getFileSystem().getSeparator() + child.getFileName().toString()));
+            if(stream != null) {
+                for (Path child : stream) {
+                    resources.add(new PathResource(child, manager, path + file.getFileSystem().getSeparator() + child.getFileName().toString()));
+                }
+            } else {
+                UndertowLogger.ROOT_LOGGER.failedToListPathsForFile(file);
             }
         } catch (IOException e) {
             throw new RuntimeException(e);
diff --git a/core/src/main/java/io/undertow/server/handlers/resource/URLResource.java b/core/src/main/java/io/undertow/server/handlers/resource/URLResource.java
@@ -150,10 +150,16 @@ public List<Resource> list() {
         try {
             if (file != null) {
                 try (DirectoryStream<Path> stream = Files.newDirectoryStream(file)) {
-                    for (Path child : stream) {
-                        result.add(new URLResource(child.toUri().toURL(), child.toString()));
+                    if (stream != null) {
+                        for (Path child : stream) {
+                            result.add(new URLResource(child.toUri().toURL(), child.toString()));
+                        }
+                    } else {
+                        UndertowLogger.ROOT_LOGGER.failedToListPathsForFile(file);
                     }
                 }
+            } else {
+                UndertowLogger.ROOT_LOGGER.noSourceToListResourcesFrom();
             }
         } catch (IOException e) {
             throw new RuntimeException(e);
diff --git a/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java b/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
@@ -103,7 +103,7 @@ public void handleEvent(StreamSourceChannel streamSourceChannel) {
         } catch (IOException e) {
             UndertowLogger.REQUEST_IO_LOGGER.ioException(e);
             IoUtils.safeClose(streamConnection);
-        } catch (Exception e) {
+        } catch (Throwable e) {
             UndertowLogger.REQUEST_IO_LOGGER.ioException(new IOException(e));
             IoUtils.safeClose(streamConnection);
         } finally {
@@ -115,7 +115,7 @@ public void handleEvent(StreamSourceChannel streamSourceChannel) {
 
 
 
-    private void parseProxyProtocolV2(PooledByteBuffer buffer, AtomicBoolean freeBuffer) throws Exception {
+    private void parseProxyProtocolV2(PooledByteBuffer buffer, AtomicBoolean freeBuffer) throws IOException {
         while (byteCount < SIG.length) {
             byte c = buffer.getBuffer().get();
 
@@ -222,7 +222,7 @@ private void parseProxyProtocolV2(PooledByteBuffer buffer, AtomicBoolean freeBuf
         return;
     }
 
-    private void parseProxyProtocolV1(PooledByteBuffer buffer, AtomicBoolean freeBuffer) throws Exception {
+    private void parseProxyProtocolV1(PooledByteBuffer buffer, AtomicBoolean freeBuffer) throws IOException {
         while (buffer.getBuffer().hasRemaining()) {
             char c = (char) buffer.getBuffer().get();
             if (byteCount < NAME.length) {
diff --git a/spotbugs-exclude.xml b/spotbugs-exclude.xml

Original file line number	Diff line number	Diff line change
`@@ -647,4 +647,7 @@ public interface UndertowMessages {`
`647`	`647`	`@Message(id = 207, value = "Invalid SNI hostname '%s'")`
`648`	`648`	`IllegalArgumentException invalidSniHostname(String hostNameValue, @Cause Throwable t);`
`649`	`649`
	`650`	`+ @Message(id = 208, value = "Failed to allocate resource")`
	`651`	`+ IOException failedToAllocateResource();`
	`652`	`+`
`650`	`653`	`}`
Original file line number	Diff line number	Diff line change
`@@ -150,10 +150,16 @@ public List<Resource> list() {`
`150`	`150`	`try {`
`151`	`151`	`if (file != null) {`
`152`	`152`	`try (DirectoryStream<Path> stream = Files.newDirectoryStream(file)) {`
`153`		`- for (Path child : stream) {`
`154`		`- result.add(new URLResource(child.toUri().toURL(), child.toString()));`
	`153`	`+ if (stream != null) {`
	`154`	`+ for (Path child : stream) {`
	`155`	`+ result.add(new URLResource(child.toUri().toURL(), child.toString()));`
	`156`	`+ }`
	`157`	`+ } else {`
	`158`	`+ UndertowLogger.ROOT_LOGGER.failedToListPathsForFile(file);`
`155`	`159`	`}`
`156`	`160`	`}`
	`161`	`+ } else {`
	`162`	`+ UndertowLogger.ROOT_LOGGER.noSourceToListResourcesFrom();`
`157`	`163`	`}`
`158`	`164`	`} catch (IOException e) {`
`159`	`165`	`throw new RuntimeException(e);`