RFR: 7100957 : Java doesn't correctly handle the SOCKS protocol when used over IPv6
Dimitar Mavrodiev
dmavrodiev at gmail.com
Mon Jan 6 06:05:06 PST 2014
Hi Alan,
I wasn't aware that tests might run on machines without the IPv6 stack. Now
the test is skipped should there be no IPv6 address configured on the
loopback iface.
I've also expanded the test to cover the case of DOMAIN_NAME, but I came
across some infrastructure problems. It turned out that if the underlying
OS had both the IPv6 and IPv4 loopback addresses map to the same name
(localhost, as it is on OSX 10.9.x) the test would fail(Connection reset),
if they mapped to different names(as it is on Linux - Ubuntu 13.10, RHEL
5.5) the test would succeed. I've decided to skip the test in case of the
former. What do you think?
Here's the webrev
https://googledrive.com/host/0B2CI6Ih--1t5bVVwbVlBRmpVMDg/1/index.html. You
can find the previous webrev on the following link
https://googledrive.com/host/0B2CI6Ih--1t5bVVwbVlBRmpVMDg/0/index.html<https://googledrive.com/host/0B2CI6Ih--1t5bVVwbVlBRmpVMDg/1/index.html>
.
Best,
Dimitar
On Sun, Jan 5, 2014 at 1:09 PM, Alan Bateman <Alan.Bateman at oracle.com>wrote:
> On 03/01/2014 11:04, Dimitar Mavrodiev wrote:
>
> Greetings all,
>
> I've fixed this and created a test to cover it, is there a sponsor who
> could push this through? Here's a link to the webrev
> https://googledrive.com/host/0B2CI6Ih--1t5bVVwbVlBRmpVMDg/index.html.
>
> It's a simple fix that correctly consumes the bytes from a SOCKS reply
> which represent an IPv6 address or a domain name. I also had to fix
> SocksServer as it was not correctly constructing a String representation of
> an IPv6 address from byte[].
>
> I didn't find it necessary to cover the case of DOMAIN_NAME in the test
> as name resolution happens locally and not on the SOCKS server, which is
> perhaps worth another fix.
>
> Thanks for the patch and I see that your OCA has been processed.
>
> I checked section 5 of RFC 1928 and it does indeed appear that the
> DOMAINNAME (0x03) and IP V6 address (0x04) cases were not implemented
> correctly. Your patch looks right. In passing, I see that the constants for
> SOCKS are defined in an interface (which is an anti-pattern) and we should
> clean that up at some point (not necessary for this patch of course).
>
> On the test then I think it will need to check that IPv6 is enabled as
> part of the setup, otherwise it looks like it will fail. I realize that
> IPv6 is enabled by default everywhere these days but we regularly test on
> machine that don't have it configured. One other thing about the test is
> that it will require a GPL header. Would you have cycles to expand the
> SOCKS test infrastructure to cover the DOMAIN_NAME case? I ask about that
> case because it was the lack of test coverage that meant this mis-handling
> slipped through (although I don't think it is actually used and doesn't
> appear to have been noticed before).
>
> Otherwise, I think this is a good (and I would be happy to sponsor it).
>
> -Alan.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/net-dev/attachments/20140106/60272fa8/attachment-0001.html
More information about the net-dev
mailing list