This is an automated email from the ASF dual-hosted git repository.
lollipop pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git
The following commit(s) were added to refs/heads/develop by this push:
new 9f34f55e1d [ISSUE #7226] Filter tlvs in ppv2 which contents not are
spec-compliant ASCII characters and space (#7227)
9f34f55e1d is described below
commit 9f34f55e1dac495730c9cd5469f2ab3225b8f0b9
Author: ShuangxiDing <dingshuangxi...@gmail.com>
AuthorDate: Tue Aug 29 15:48:46 2023 +0800
[ISSUE #7226] Filter tlvs in ppv2 which contents not are spec-compliant
ASCII characters and space (#7227)
Filter tlvs in ppv2 which not are spec-compliant ASCII characters and space
---
.../org/apache/rocketmq/common/utils/BinaryUtil.java | 17 +++++++++++++++++
.../proxy/grpc/ProxyAndTlsProtocolNegotiator.java | 8 +++++++-
.../rocketmq/remoting/netty/NettyRemotingServer.java | 8 +++++++-
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git
a/common/src/main/java/org/apache/rocketmq/common/utils/BinaryUtil.java
b/common/src/main/java/org/apache/rocketmq/common/utils/BinaryUtil.java
index 421adaca4d..7b4b24819c 100644
--- a/common/src/main/java/org/apache/rocketmq/common/utils/BinaryUtil.java
+++ b/common/src/main/java/org/apache/rocketmq/common/utils/BinaryUtil.java
@@ -43,4 +43,21 @@ public class BinaryUtil {
byte[] bytes = calculateMd5(content);
return Hex.encodeHexString(bytes, false);
}
+
+ /**
+ * Returns true if subject contains only bytes that are spec-compliant
ASCII characters.
+ * @param subject
+ * @return
+ */
+ public static boolean isAscii(byte[] subject) {
+ if (subject == null) {
+ return false;
+ }
+ for (byte b : subject) {
+ if ((b & 0x80) != 0) {
+ return false;
+ }
+ }
+ return true;
+ }
}
\ No newline at end of file
diff --git
a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
index ee167bd7be..b584ddfbdc 100644
---
a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
+++
b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
@@ -24,6 +24,7 @@ import
io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator;
import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiators;
import io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiationEvent;
import io.grpc.netty.shaded.io.netty.buffer.ByteBuf;
+import io.grpc.netty.shaded.io.netty.buffer.ByteBufUtil;
import io.grpc.netty.shaded.io.netty.channel.ChannelHandler;
import io.grpc.netty.shaded.io.netty.channel.ChannelHandlerContext;
import io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter;
@@ -44,6 +45,7 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.common.constant.HAProxyConstants;
import org.apache.rocketmq.common.constant.LoggerName;
+import org.apache.rocketmq.common.utils.BinaryUtil;
import org.apache.rocketmq.logging.org.slf4j.Logger;
import org.apache.rocketmq.logging.org.slf4j.LoggerFactory;
import org.apache.rocketmq.proxy.config.ConfigurationManager;
@@ -191,9 +193,13 @@ public class ProxyAndTlsProtocolNegotiator implements
InternalProtocolNegotiator
}
if (CollectionUtils.isNotEmpty(msg.tlvs())) {
msg.tlvs().forEach(tlv -> {
+ byte[] valueBytes =
ByteBufUtil.getBytes(tlv.content());
+ if (!BinaryUtil.isAscii(valueBytes)) {
+ return;
+ }
Attributes.Key<String> key = AttributeKeys.valueOf(
HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX +
String.format("%02x", tlv.typeByteValue()));
- String value =
StringUtils.trim(tlv.content().toString(CharsetUtil.UTF_8));
+ String value = StringUtils.trim(new String(valueBytes,
CharsetUtil.UTF_8));
builder.set(key, value);
});
}
diff --git
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
index 17f138f86e..e626260c93 100644
---
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
+++
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
@@ -18,6 +18,7 @@ package org.apache.rocketmq.remoting.netty;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBuf;
+import io.netty.buffer.ByteBufUtil;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelDuplexHandler;
@@ -58,6 +59,7 @@ import org.apache.rocketmq.common.Pair;
import org.apache.rocketmq.common.ThreadFactoryImpl;
import org.apache.rocketmq.common.constant.HAProxyConstants;
import org.apache.rocketmq.common.constant.LoggerName;
+import org.apache.rocketmq.common.utils.BinaryUtil;
import org.apache.rocketmq.common.utils.NetworkUtil;
import org.apache.rocketmq.logging.org.slf4j.Logger;
import org.apache.rocketmq.logging.org.slf4j.LoggerFactory;
@@ -787,9 +789,13 @@ public class NettyRemotingServer extends
NettyRemotingAbstract implements Remoti
}
if (CollectionUtils.isNotEmpty(msg.tlvs())) {
msg.tlvs().forEach(tlv -> {
+ byte[] valueBytes =
ByteBufUtil.getBytes(tlv.content());
+ if (!BinaryUtil.isAscii(valueBytes)) {
+ return;
+ }
AttributeKey<String> key = AttributeKeys.valueOf(
HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX +
String.format("%02x", tlv.typeByteValue()));
- String value =
StringUtils.trim(tlv.content().toString(CharsetUtil.UTF_8));
+ String value = StringUtils.trim(new String(valueBytes,
CharsetUtil.UTF_8));
channel.attr(key).set(value);
});
}
