You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by GitBox <gi...@apache.org> on 2022/05/10 16:04:50 UTC
[GitHub] [mina-sshd] lgoldstein commented on a diff in pull request #222: SSHD-1266 - fix for issue with critical option data encoding and smal…
lgoldstein commented on code in PR #222:
URL: https://github.com/apache/mina-sshd/pull/222#discussion_r869427309
##########
sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java:
##########
@@ -348,29 +348,36 @@ public List<OpenSshCertificate.CertificateOption> getCertificateOptions() {
/**
* According to <A HREF=
- * "https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L222-L262">PROTOCOL.certkeys</A>:
+ * "https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L221-L319">PROTOCOL.certkeys</A>:
*
* Critical Options is a set of bytes that is
*
- * [overall length][name(string)][data(string)]...
+ * [overall length][name(string)][[length of buffer][[length of string][data(string)]]]...
*
- * Where each Critical Option is encoded as a name (string) and data (string)
+ * Where each Certificate Option is encoded as a name (string) and buffer of data (string packed in a buffer)
*
- * Then the entire name + data strings are added as bytes (which will get a length prefix)
+ * Then the entire name (string) + data (buffer) are added as bytes (which will get a length prefix)
*
* @param charset {@link Charset} to use for converting bytes to characters
* @return the parsed result, never {@code null}, but possibly empty
*/
public List<OpenSshCertificate.CertificateOption> getCertificateOptions(Charset charset) {
- // pull out entire Critical Options section
- final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
-
List<OpenSshCertificate.CertificateOption> list = new ArrayList<>();
- while (optionBuffer.available() > 0) {
- String name = optionBuffer.getString(charset);
- String data = GenericUtils.trimToEmpty(optionBuffer.getString(charset));
- list.add(new OpenSshCertificate.CertificateOption(name, data.length() > 0 ? data : null));
+ if (available() > 0) {
+ // pull out entire Certificate Options section
+ final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
Review Comment:
No need for *final* keyword
##########
sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java:
##########
@@ -348,29 +348,36 @@ public List<OpenSshCertificate.CertificateOption> getCertificateOptions() {
/**
* According to <A HREF=
- * "https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L222-L262">PROTOCOL.certkeys</A>:
+ * "https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L221-L319">PROTOCOL.certkeys</A>:
*
* Critical Options is a set of bytes that is
*
- * [overall length][name(string)][data(string)]...
+ * [overall length][name(string)][[length of buffer][[length of string][data(string)]]]...
*
- * Where each Critical Option is encoded as a name (string) and data (string)
+ * Where each Certificate Option is encoded as a name (string) and buffer of data (string packed in a buffer)
*
- * Then the entire name + data strings are added as bytes (which will get a length prefix)
+ * Then the entire name (string) + data (buffer) are added as bytes (which will get a length prefix)
*
* @param charset {@link Charset} to use for converting bytes to characters
* @return the parsed result, never {@code null}, but possibly empty
*/
public List<OpenSshCertificate.CertificateOption> getCertificateOptions(Charset charset) {
- // pull out entire Critical Options section
- final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
-
List<OpenSshCertificate.CertificateOption> list = new ArrayList<>();
- while (optionBuffer.available() > 0) {
- String name = optionBuffer.getString(charset);
- String data = GenericUtils.trimToEmpty(optionBuffer.getString(charset));
- list.add(new OpenSshCertificate.CertificateOption(name, data.length() > 0 ? data : null));
+ if (available() > 0) {
+ // pull out entire Certificate Options section
+ final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
Review Comment:
Why can't it be `Buffer optionBuffer = new ...` - are you using any *ByteArrayBuffer* methods that are not available via the *Buffer* class ?
Hint: recommend to use the "weakest" variable type you need and not what you know its full type is.
##########
sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java:
##########
@@ -348,29 +348,36 @@ public List<OpenSshCertificate.CertificateOption> getCertificateOptions() {
/**
* According to <A HREF=
- * "https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L222-L262">PROTOCOL.certkeys</A>:
+ * "https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L221-L319">PROTOCOL.certkeys</A>:
*
* Critical Options is a set of bytes that is
*
- * [overall length][name(string)][data(string)]...
+ * [overall length][name(string)][[length of buffer][[length of string][data(string)]]]...
*
- * Where each Critical Option is encoded as a name (string) and data (string)
+ * Where each Certificate Option is encoded as a name (string) and buffer of data (string packed in a buffer)
*
- * Then the entire name + data strings are added as bytes (which will get a length prefix)
+ * Then the entire name (string) + data (buffer) are added as bytes (which will get a length prefix)
*
* @param charset {@link Charset} to use for converting bytes to characters
* @return the parsed result, never {@code null}, but possibly empty
*/
public List<OpenSshCertificate.CertificateOption> getCertificateOptions(Charset charset) {
- // pull out entire Critical Options section
- final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
-
List<OpenSshCertificate.CertificateOption> list = new ArrayList<>();
- while (optionBuffer.available() > 0) {
- String name = optionBuffer.getString(charset);
- String data = GenericUtils.trimToEmpty(optionBuffer.getString(charset));
- list.add(new OpenSshCertificate.CertificateOption(name, data.length() > 0 ? data : null));
+ if (available() > 0) {
+ // pull out entire Certificate Options section
+ final ByteArrayBuffer optionBuffer = new ByteArrayBuffer(getBytes());
+
+ while (optionBuffer.available() > 0) {
+ String name = optionBuffer.getString(charset);
+ String data = null;
+ final ByteArrayBuffer dataBuffer = new ByteArrayBuffer(optionBuffer.getBytes());
Review Comment:
Same remarks as before (including no need for *final*)
##########
sshd-core/src/main/java/org/apache/sshd/certificate/OpenSshCertificateBuilder.java:
##########
@@ -104,7 +110,21 @@ public OpenSshCertificateBuilder principals(Collection<String> principals) {
}
public OpenSshCertificateBuilder criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions) {
- this.criticalOptions = criticalOptions;
+ if (criticalOptions != null && !criticalOptions.isEmpty()) {
+ // check if any duplicates
+ Set<String> names = new HashSet<String>();
Review Comment:
No need to specify type of *HashSet* use diamond...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org