Recent changes to 25: An information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe controlhttps://sourceforge.net/p/xsocket/bugs/25/Recent changes to 25: An information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe controlenWed, 09 Dec 2020 15:12:26 -0000#25 An information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe controlhttps://sourceforge.net/p/xsocket/bugs/25/?limit=25#c708<div class="markdown_content"><p>Could I open a PR for it?</p></div>Xiaoqin FuWed, 09 Dec 2020 15:12:26 -0000https://sourceforge.net09f9d84e28d063f614868f5c8e28c63b0fb67cffAn information leakage from IoConnector to IoSocketDispatcher through an IOException without LOG severe controlhttps://sourceforge.net/p/xsocket/bugs/25/<div class="markdown_content"><p>During xSocket integration testing, I developed one sample application, based on NonBlockingConnection, whose client send a text message, followed by another client sending another, to the server. </p> <p>The source: org.xsocket.connection.IoConnector:<br/> private void handleConnect() {<br/> Set&lt;selectionkey&gt; selectedEventKeys = selector.selectedKeys();<br/> Iterator&lt;selectionkey&gt; it = selectedEventKeys.iterator();<br/> while (it.hasNext()) {<br/> SelectionKey eventKey = it.next();<br/> it.remove();<br/> RegisterTask registerTask = (RegisterTask) eventKey.attachment();<br/> ......<br/> }<br/> }&lt;/selectionkey&gt;&lt;/selectionkey&gt;</p> <div class="codehilite"><pre><span></span><span class="nt">The</span> <span class="nt">sink</span><span class="o">:</span> <span class="nt">org</span><span class="p">.</span><span class="nc">xsocket</span><span class="p">.</span><span class="nc">connection</span><span class="o">:</span> <span class="nt">public</span> <span class="nt">IoSocketDispatcher</span><span class="o">(</span><span class="nt">AbstractMemoryManager</span> <span class="nt">memoryManager</span><span class="o">,</span> <span class="nt">String</span> <span class="nt">name</span><span class="o">)</span> <span class="p">{</span> <span class="err">......</span> <span class="err">try</span> <span class="err">{</span> <span class="err">selector</span> <span class="err">=</span> <span class="err">Selector.open()</span><span class="p">;</span> <span class="p">}</span> <span class="nt">catch</span> <span class="o">(</span><span class="nt">IOException</span> <span class="nt">ioe</span><span class="o">)</span> <span class="p">{</span> <span class="err">String</span> <span class="err">text</span> <span class="err">=</span> <span class="err">"exception</span> <span class="err">occured</span> <span class="err">while</span> <span class="err">opening</span> <span class="err">selector.</span> <span class="n">Reason</span><span class="p">:</span> <span class="err">"</span> <span class="o">+</span> <span class="n">ioe</span><span class="o">.</span><span class="nf">toString</span><span class="p">();</span> <span class="err">LOG.severe(text)</span><span class="p">;</span> <span class="err">throw</span> <span class="err">new</span> <span class="err">RuntimeException(text,</span> <span class="err">ioe)</span><span class="p">;</span> <span class="p">}</span> <span class="o">......</span> <span class="err">}</span> </pre></div> <p>The statement "LOG.severe(text)" doesn't have LOG severe control.</p> <p>The Tainted path:<br/> org.xsocket.connection.IoConnector --&gt; <br/> org.xsocket.connection.IoConnector$RegisterTask --&gt; <br/> org.xsocket.connection.IoConnector --&gt; <br/> org.xsocket.connection.ConnectionManager --&gt; <br/> org.xsocket.connection.NonBlockingConnection$SyncIoConnectorCallback --&gt; <br/> org.xsocket.connection.ConnectionManager --&gt; <br/> org.xsocket.connection.NonBlockingConnection --&gt; <br/> org.xsocket.connection.NonBlockingConnection$SyncIoConnectorCallback --&gt; <br/> org.xsocket.connection.NonBlockingConnection --&gt; <br/> org.xsocket.connection.ConnectionManager --&gt; <br/> org.xsocket.connection.ConnectionManager$TimeoutMgmHandle --&gt; <br/> org.xsocket.connection.NonBlockingConnection --&gt; <br/> org.xsocket.connection.IoConnector$RegisterTask --&gt; <br/> org.xsocket.connection.NonBlockingConnection --&gt; <br/> org.xsocket.connection.ConnectionManager$TimeoutMgmHandle --&gt; <br/> org.xsocket.connection.NonBlockingConnection --&gt; <br/> org.xsocket.connection.IoSocketDispatcherPool</p> <div class="codehilite"><pre><span></span>I am going to submit a CVE, so please confirm this is not a true positive. </pre></div> </div>Xiaoqin FuSat, 17 Aug 2019 06:29:02 -0000https://sourceforge.net1b9648e893fb74ef5766bced6c8aed3a0581f207