Recent changes to 25: An information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe controlhttps://sourceforge.net/p/xsocket/bugs/25/2020-12-09T15:12:26.324000ZRecent changes to 25: An information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe control#25 An information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe control2020-12-09T15:12:26.324000Z2020-12-09T15:12:26.324000ZXiaoqin Fuhttps://sourceforge.net/u/xqfu/https://sourceforge.net09f9d84e28d063f614868f5c8e28c63b0fb67cff<div class="markdown_content"><p>Could I open a PR for it?</p></div>An information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe control2019-08-17T06:29:02.737000Z2019-08-17T06:29:02.737000ZXiaoqin Fuhttps://sourceforge.net/u/xqfu/https://sourceforge.net1b9648e893fb74ef5766bced6c8aed3a0581f207<div class="markdown_content"><p>During xSocket integration testing, I developed one sample application, based on NonBlockingConnection, whose client send a text message, followed by another client sending another, to the server. </p>
<p>The source: org.xsocket.connection.IoConnector:<br/>
private void handleConnect() {<br/>
Set<selectionkey> selectedEventKeys = selector.selectedKeys();<br/>
Iterator<selectionkey> it = selectedEventKeys.iterator();<br/>
while (it.hasNext()) {<br/>
SelectionKey eventKey = it.next();<br/>
it.remove();<br/>
RegisterTask registerTask = (RegisterTask) eventKey.attachment();<br/>
......<br/>
}<br/>
}</selectionkey></selectionkey></p>
<div class="codehilite"><pre><span></span><span class="nt">The</span> <span class="nt">sink</span><span class="o">:</span> <span class="nt">org</span><span class="p">.</span><span class="nc">xsocket</span><span class="p">.</span><span class="nc">connection</span><span class="o">:</span>
<span class="nt">public</span> <span class="nt">IoSocketDispatcher</span><span class="o">(</span><span class="nt">AbstractMemoryManager</span> <span class="nt">memoryManager</span><span class="o">,</span> <span class="nt">String</span> <span class="nt">name</span><span class="o">)</span> <span class="p">{</span>
<span class="err">......</span>
<span class="err">try</span> <span class="err">{</span>
<span class="err">selector</span> <span class="err">=</span> <span class="err">Selector.open()</span><span class="p">;</span>
<span class="p">}</span> <span class="nt">catch</span> <span class="o">(</span><span class="nt">IOException</span> <span class="nt">ioe</span><span class="o">)</span> <span class="p">{</span>
<span class="err">String</span> <span class="err">text</span> <span class="err">=</span> <span class="err">"exception</span> <span class="err">occured</span> <span class="err">while</span> <span class="err">opening</span> <span class="err">selector.</span> <span class="n">Reason</span><span class="p">:</span> <span class="err">"</span> <span class="o">+</span> <span class="n">ioe</span><span class="o">.</span><span class="nf">toString</span><span class="p">();</span>
<span class="err">LOG.severe(text)</span><span class="p">;</span>
<span class="err">throw</span> <span class="err">new</span> <span class="err">RuntimeException(text,</span> <span class="err">ioe)</span><span class="p">;</span>
<span class="p">}</span>
<span class="o">......</span>
<span class="err">}</span>
</pre></div>
<p>The statement "LOG.severe(text)" doesn't have LOG severe control.</p>
<p>The Tainted path:<br/>
org.xsocket.connection.IoConnector --> <br/>
org.xsocket.connection.IoConnector$RegisterTask --> <br/>
org.xsocket.connection.IoConnector --> <br/>
org.xsocket.connection.ConnectionManager --> <br/>
org.xsocket.connection.NonBlockingConnection$SyncIoConnectorCallback --> <br/>
org.xsocket.connection.ConnectionManager --> <br/>
org.xsocket.connection.NonBlockingConnection --> <br/>
org.xsocket.connection.NonBlockingConnection$SyncIoConnectorCallback --> <br/>
org.xsocket.connection.NonBlockingConnection --> <br/>
org.xsocket.connection.ConnectionManager --> <br/>
org.xsocket.connection.ConnectionManager$TimeoutMgmHandle --> <br/>
org.xsocket.connection.NonBlockingConnection --> <br/>
org.xsocket.connection.IoConnector$RegisterTask --> <br/>
org.xsocket.connection.NonBlockingConnection --> <br/>
org.xsocket.connection.ConnectionManager$TimeoutMgmHandle --> <br/>
org.xsocket.connection.NonBlockingConnection --> <br/>
org.xsocket.connection.IoSocketDispatcherPool</p>
<div class="codehilite"><pre><span></span>I am going to submit a CVE, so please confirm this is not a true positive.
</pre></div>
</div>