Jetty

SSL key_size attribute converted into a String instead of an Integer using AJP

Details

  • Type: Bug Bug
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 7.0.0pre3, 6.1.12rc1
  • Fix Version/s: 7.0.0pre4, 6.1.12.rc3
  • Component/s: Security and SSL
  • Labels:
    None
  • Environment:
    Ubuntu 8.04, Apache Httpd 2.2.8 with mod_proxy_ajp.
  • Number of attachments :
    2

Description

Hello,

When the key size is in the AJP request, it is passed to the javax.servlet.request.key_size request attribute as a String, whereas it should be an Integer according to the Servlet 2.4 spec.

I've set up a test using mod_proxy_ajp, the fragment of the request is 0x0b0100 (checked with Wireshark) corresponding to a key size attribute of value 256 (the cipher suite is DHE-RSA-AES256-SHA). The value of javax.servlet.request.key_size is "256" as a String, not as an Integer.

This seem to happen in org.mortbay.jetty.ajp.Ajp13Parser around line 409 in revision 3636. Unlike the client certificate information and the cipher suite, which have their own methods (parsedSslCert and parsedSslCipher) in Ajp13Parser.EventHandler, case Ajp13RequestHeaders.SSL_KEYSIZE_ATTR uses parsedRequestAttribute, which converts the buffer into a String.
This doesn't occur using mod_jk (at least the way I've set it up) since there is no packet with code 0x0b, although the key size can be deduced from the cipher suite.

Best wishes,

Bruno.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Bruno Harbulot added a comment -

This is just to add that the problem does occur with mod_jk when it's configured to do so, using JkOptions +ForwardKeySize.

I've also made the same test using org.mortbay.jetty.security.SslSocketConnector: javax.servlet.request.key_size is then an Integer, as expected.

Show
Bruno Harbulot added a comment - This is just to add that the problem does occur with mod_jk when it's configured to do so, using JkOptions +ForwardKeySize . I've also made the same test using org.mortbay.jetty.security.SslSocketConnector : javax.servlet.request.key_size is then an Integer, as expected.
Hide
Permalink
Athena Yao added a comment -

Hm, so AJP passes the key size as either an int or a string, and this key size must then be stored as an integer in javax.servlet.request.key_size, correct?

Attached is a patch for review: Added a new method which saves the request attribute as an Integer and not a String. Nothing now calls parsedRequestAttribute(String, int), as far as I could find.

Show
Athena Yao added a comment - Hm, so AJP passes the key size as either an int or a string, and this key size must then be stored as an integer in javax.servlet.request.key_size, correct? Attached is a patch for review: Added a new method which saves the request attribute as an Integer and not a String. Nothing now calls parsedRequestAttribute(String, int), as far as I could find.
Hide
Permalink
Bruno Harbulot added a comment -

Yes.
I've just tried the two patches attached (6 with 6.1.12-rc2 and 7 with svn trunk rev 3636). They work and fix the problem.

Thanks you.

Show
Bruno Harbulot added a comment - Yes. I've just tried the two patches attached (6 with 6.1.12-rc2 and 7 with svn trunk rev 3636). They work and fix the problem. Thanks you.
Hide
Permalink
Greg Wilkins added a comment -

Applied and commited (and VERSION.txt updated)
Thanks

Show
Greg Wilkins added a comment - Applied and commited (and VERSION.txt updated) Thanks

People

  • Assignee:
    Athena Yao
    Reporter:
    Bruno Harbulot
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: