You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ma...@apache.org on 2014/11/05 06:52:54 UTC
svn commit: r1636798 - in /db/derby/code/trunk/java:
client/org/apache/derby/client/net/OpenSocketAction.java
drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Author: mamta
Date: Wed Nov 5 05:52:53 2014
New Revision: 1636798
URL: http://svn.apache.org/r1636798
Log:
DERBY-6764(analyze impact of poodle security alert on Derby client - server ssl support)
Fixed problem with array counter.
Modified:
db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java?rev=1636798&r1=1636797&r2=1636798&view=diff
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java Wed Nov 5 05:52:53 2014
@@ -90,30 +90,27 @@ class OpenSocketAction implements Privil
//If SSLv3 and/or SSLv2Hello is one of the enabled protocols,
// then remove it from the list of enabled protocols because of
// its security breach.
- String[] removeTwoProtocols = new String[enabledProtocols.length];
- int removedProtocolsCount = 0;
- boolean foundProtocolToRemove=false;
+ String[] supportedProtocols = new String[enabledProtocols.length];
+ int supportedProtocolsCount = 0;
for ( int i = 0; i < enabledProtocols.length; i++ )
{
- if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
- enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
- foundProtocolToRemove=true;
- } else {
- removeTwoProtocols[removedProtocolsCount] =
+ if (!(enabledProtocols[i].toUpperCase().contains("SSLV3") ||
+ enabledProtocols[i].toUpperCase().contains("SSLV2HELLO"))) {
+ supportedProtocols[supportedProtocolsCount] =
enabledProtocols[i];
- removedProtocolsCount++;
+ supportedProtocolsCount++;
}
}
- if(foundProtocolToRemove) {
+ if(supportedProtocolsCount < enabledProtocols.length) {
String[] newEnabledProtocolsList = null;
//We found that SSLv3 and or SSLv2Hello is one of the enabled
// protocols for this jvm. Following code will remove it from
// enabled list.
newEnabledProtocolsList =
- new String[(removeTwoProtocols.length)-1];
- System.arraycopy(removeTwoProtocols, 0,
+ new String[supportedProtocolsCount];
+ System.arraycopy(supportedProtocols, 0,
newEnabledProtocolsList, 0,
- removedProtocolsCount);
+ supportedProtocolsCount);
sSocket.setEnabledProtocols(newEnabledProtocolsList);
}
return sSocket;
Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1636798&r1=1636797&r2=1636798&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Wed Nov 5 05:52:53 2014
@@ -2709,29 +2709,26 @@ public final class NetworkServerControlI
//If SSLv3 and SSLv2Hello are one of the enabled protocols, then
// remove them from the list of enabled protocols because of the
// possible security breach.
- String[] removeTwoProtocols = new String[enabledProtocols.length];
- int removedProtocolsCount = 0;
- boolean foundProtocolToRemove=false;
+ String[] supportedProtocols = new String[enabledProtocols.length];
+ int supportedProtocolsCount = 0;
for ( int i = 0; i < enabledProtocols.length; i++ )
{
- if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
- enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
- foundProtocolToRemove=true;
- } else {
- removeTwoProtocols[removedProtocolsCount] = enabledProtocols[i];
- removedProtocolsCount++;
+ if (!(enabledProtocols[i].toUpperCase().contains("SSLV3") ||
+ enabledProtocols[i].toUpperCase().contains("SSLV2HELLO"))) {
+ supportedProtocols[supportedProtocolsCount] = enabledProtocols[i];
+ supportedProtocolsCount++;
}
}
- String[] newEnabledProtocolsList = null;
- if(foundProtocolToRemove) {
+ if(supportedProtocolsCount < enabledProtocols.length) {
//We found SSLv3 and/or SSLv2Hello as one of the enabled
// protocols for this jvm. Following code will remove them from
// enabled list.
+ String[] newEnabledProtocolsList = null;
newEnabledProtocolsList =
- new String[(removeTwoProtocols.length)-1];
- System.arraycopy(removeTwoProtocols, 0,
+ new String[supportedProtocolsCount];
+ System.arraycopy(supportedProtocols, 0,
newEnabledProtocolsList, 0,
- removedProtocolsCount);
+ supportedProtocolsCount);
return(newEnabledProtocolsList);
} else
return(enabledProtocols);