Closed Bug 304195 Opened 19 years ago Closed 19 years ago

toString() call in SSLSocket.java does not check for exceptions

Categories

(JSS Graveyard :: Library, defect)

Product:
JSS Graveyard
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: Sandeep.Konchady, Assigned: Sandeep.Konchady)

Details

Attachments

(1 file, 2 obsolete files)

Modified as per Wan-Teh's suggestion by putting the whole block under try/catch
3.12 KB, patch
glenbeasley
: review+
wtc
: superreview+
Details | Diff | Splinter Review 
There has been instances when a client calls SSLSocket.toString() when the
socket has already been closed.  This generates exception.  In order for us to
make this safe, we need to handle the exceptions ourselves within the toString()
method.
Status: NEW → ASSIGNED
The toString() method now checks for exception when calling getInetAddress(),
getLocalAddress(), getPort(), and getLocalPort().  When an exception is caught
the return string will be the exception message.  If not the returned string
will be the InetAddress and Port information about the socket.
Attachment #192258 - Flags: superreview?(glen.beasley)
Comment on attachment 192258 [details] [diff] [review]
Modified toString() method that checks for exception

I would change the comment to something like this:
* Returns the addresses and ports of this socket
* or an error message if 
the socket is not valid state.
An error message can happen even if the socket is not closed by the
application, but communication has ended on the other end, and the exception
back would be 
(-5978) Network file descriptor is not connected. 

so you might want to change the boolean socketClosed to exception OnSocket

Also, you should modify the toString to SSLServerSocket as well.
Attachment #192258 - Flags: superreview?(glen.beasley) → superreview-
As per Glen's suggestion modified the comments as well as the exception flag in
both SSLSocket.java and SSLServerSocket.java.
Attachment #192258 - Attachment is obsolete: true
Attachment #192264 - Flags: superreview?(glen.beasley)
Comment on attachment 192264 [details] [diff] [review]
Modified toString() methods in SSLSocket.java and SSLServerSocket.java to capture exceptions

Seems like the Java way is to put the try block around the
whole thing and do without the exceptionOnSocket boolean,
like this:

    /**
     * Returns the addresses and ports of this socket
      * or an error message if the socket is not in a valid state.
      */
    public String toString() {
	try {
	    StringBuffer buf = new StringBuffer();
	    InetAddress inetAddr = getInetAddress();
	    int localPort = getLocalPort();
	    buf.append("SSLServerSocket[addr=");
	    buf.append(inetAddr);
	    buf.append(",port=0,localport=");
	    buf.append(localPort);
	    buf.append("]");
	    return buf.toString();
	} catch (OutOfMemoryException e) {
	    throw e;
	} catch (Exception e) {
	    return "Exception caught in toString(): " + e.getMessage();
	}
    }
Modified the source as per Wan-Teh's suggestion by putting the whole block in
toString() under try/catch.
Attachment #192264 - Attachment is obsolete: true
Attachment #192303 - Flags: superreview?(wtchang)
Attachment #192303 - Flags: review?(glen.beasley)
Comment on attachment 192303 [details] [diff] [review]
Modified as per Wan-Teh's suggestion by putting the whole block under try/catch

r=wtc.	Be sure to get Glen's review, too, because I am
not a Java expert.

Some comments:

1. So we can't possibly get OutOfMemoryException from either
the new operator of the StringBuffer.append method?

2. It seems that for SSLServerSocket there is no point printing
the useless "port=0" string.

3. In SSLSocket.toString, I noticed this change:

>-        buf.append("SSLSocket[addr=");
>-        buf.append(getInetAddress());
>-        buf.append(getLocalAddress());
>-        buf.append(",port=");

>+            buf.append("SSLSocket[addr=");
>+            buf.append(inetAddr);
>+            buf.append(",localaddr=");
>+            buf.append(localAddr);
>+            buf.append(",port=");

The original code prints inet address and local address
with nothing in between, whereas the new code inserts
",localaddr=" between the two, which seems better.
Attachment #192303 - Flags: superreview?(wtchang) → superreview+
Comment on attachment 192303 [details] [diff] [review]
Modified as per Wan-Teh's suggestion by putting the whole block under try/catch

looks great.
Attachment #192303 - Flags: superreview-
Attachment #192303 - Flags: superreview+
Attachment #192303 - Flags: review?(glen.beasley)
Attachment #192303 - Flags: review+
Attachment #192303 - Flags: superreview- → superreview+
Comment on attachment 192303 [details] [diff] [review]
Modified as per Wan-Teh's suggestion by putting the whole block under try/catch

Checking in SSLSocket.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java,v  <-- 
SSLSocket.java
new revision: 1.7.8.2.2.4.2.10; previous revision: 1.7.8.2.2.4.2.9
done
Checking in SSLServerSocket.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java,v  <-- 
SSLServerSocket.java
new revision: 1.5.4.1.2.3.2.5; previous revision: 1.5.4.1.2.3.2.4
done
Comment on attachment 192303 [details] [diff] [review]
Modified as per Wan-Teh's suggestion by putting the whole block under try/catch

Checking in SSLSocket.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java,v  <-- 
SSLSocket.java
new revision: 1.21; previous revision: 1.20
done
Checking in SSLServerSocket.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java,v  <-- 
SSLServerSocket.java
new revision: 1.19; previous revision: 1.18
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.1
Attachment #192264 - Flags: superreview?(glen.beasley)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: