Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8211339

NPE during SSL handshake caused by HostnameChecker

    Details

    • Subcomponent:
    • Resolved In Build:
      b19
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        ADDITIONAL SYSTEM INFORMATION :
        This happens with Java8 and Java11 as well:

         java -version
        java version "1.8.0_181"
        Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
        Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

        java -version
        java version "11" 2018-09-25
        Java(TM) SE Runtime Environment 18.9 (build 11+28)
        Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)

        A DESCRIPTION OF THE PROBLEM :
        While trying to write some test code for netty I did something stupid while creating the SSLEngine by passing a hostname as parameter for the server which then ended up in an NPE during handshake. I would argue we should not fail with a NPE.

        Basically something like:

        SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1);


        I think this is caused by sun.security.ssl.X509TrustManagerImpl.checkIdentity(…) missing a null check for the hostname before calling sun.security.util.HostnameChecker.match(…)

        A full reproduce (which I extracted from my netty testcase) can be found here (there is a README.md which explains how to run it):

        https://github.com/normanmaurer/jdk_ssl_npe_reproducer

        The stack I see is:

        Exception in thread "main" java.lang.RuntimeException: Delegated task threw Exception/Error
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1527)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
        at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
        at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
        at JDKSslReproducer.handshake(JDKSslReproducer.java:76)
        at JDKSslReproducer.main(JDKSslReproducer.java:51)
        Caused by: java.lang.NullPointerException
        at sun.net.util.IPAddressUtil.textToNumericFormatV4(IPAddressUtil.java:49)
        at sun.net.util.IPAddressUtil.isIPv4LiteralAddress(IPAddressUtil.java:241)
        at sun.security.util.HostnameChecker.isIpAddress(HostnameChecker.java:125)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1068)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1007)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
        at JDKSslReproducer.runDelegatedTasks(JDKSslReproducer.java:131)
        at JDKSslReproducer.handshake(JDKSslReproducer.java:99)
        ... 1 more

        This only happens if a X509Trustmanager is used (not the Extended version) and when setEndpointIdentificationAlgorithm(…) is used on the client-side.


        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        https://github.com/normanmaurer/jdk_ssl_npe_reproducer


        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        No NPE
        ACTUAL -
        NPE during validation

        ---------- BEGIN SOURCE ----------
        https://github.com/normanmaurer/jdk_ssl_npe_reproducer
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        None...

        FREQUENCY : always


          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ascarpino Anthony Scarpino
                  Reporter:
                  webbuggrp Webbug Group
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: