Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8211339

NPE during SSL handshake caused by HostnameChecker

    Details

    • Subcomponent:
    • Resolved In Build:
      b19
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Description

      ADDITIONAL SYSTEM INFORMATION :
      This happens with Java8 and Java11 as well:

       java -version
      java version "1.8.0_181"
      Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

      java -version
      java version "11" 2018-09-25
      Java(TM) SE Runtime Environment 18.9 (build 11+28)
      Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)

      A DESCRIPTION OF THE PROBLEM :
      While trying to write some test code for netty I did something stupid while creating the SSLEngine by passing a hostname as parameter for the server which then ended up in an NPE during handshake. I would argue we should not fail with a NPE.

      Basically something like:

      SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1);


      I think this is caused by sun.security.ssl.X509TrustManagerImpl.checkIdentity(…) missing a null check for the hostname before calling sun.security.util.HostnameChecker.match(…)

      A full reproduce (which I extracted from my netty testcase) can be found here (there is a README.md which explains how to run it):

      https://github.com/normanmaurer/jdk_ssl_npe_reproducer

      The stack I see is:

      Exception in thread "main" java.lang.RuntimeException: Delegated task threw Exception/Error
      at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1527)
      at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
      at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
      at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
      at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
      at JDKSslReproducer.handshake(JDKSslReproducer.java:76)
      at JDKSslReproducer.main(JDKSslReproducer.java:51)
      Caused by: java.lang.NullPointerException
      at sun.net.util.IPAddressUtil.textToNumericFormatV4(IPAddressUtil.java:49)
      at sun.net.util.IPAddressUtil.isIPv4LiteralAddress(IPAddressUtil.java:241)
      at sun.security.util.HostnameChecker.isIpAddress(HostnameChecker.java:125)
      at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
      at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
      at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1068)
      at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1007)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
      at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
      at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
      at JDKSslReproducer.runDelegatedTasks(JDKSslReproducer.java:131)
      at JDKSslReproducer.handshake(JDKSslReproducer.java:99)
      ... 1 more

      This only happens if a X509Trustmanager is used (not the Extended version) and when setEndpointIdentificationAlgorithm(…) is used on the client-side.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      https://github.com/normanmaurer/jdk_ssl_npe_reproducer


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      No NPE
      ACTUAL -
      NPE during validation

      ---------- BEGIN SOURCE ----------
      https://github.com/normanmaurer/jdk_ssl_npe_reproducer
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      None...

      FREQUENCY : always


        Attachments

          Activity

            People

            • Assignee:
              ascarpino Anthony Scarpino
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: