During xSocket integration testing, I developed one sample application, based on NonBlockingConnection, whose client sends a text message, followed by another client sending another, to the server.
The source: org.xsocket.connection.IoConnector:
    private void handleConnect() {
        Set<SelectionKey> selectedEventKeys = selector.selectedKeys();
        Iterator<SelectionKey> it = selectedEventKeys.iterator();
        while (it.hasNext()) {
            SelectionKey eventKey = it.next();
            it.remove();
            RegisterTask registerTask = (RegisterTask) eventKey.attachment();
            ......
        }
    }
The sink: org.xsocket.connection:
    public IoSocketDispatcher(AbstractMemoryManager memoryManager, String name) {
        ......
        try {
            selector = Selector.open();
        } catch (IOException ioe) {
            String text = "exception occured while opening selector. Reason: " + ioe.toString();
            LOG.severe(text);
            throw new RuntimeException(text, ioe);
        }
        ......
    }
The statement "LOG.severe(text)" doesn't have LOG severe control.
The Tainted path:
org.xsocket.connection.IoConnector -->
org.xsocket.connection.IoConnector$RegisterTask -->
org.xsocket.connection.IoConnector -->
org.xsocket.connection.ConnectionManager -->
org.xsocket.connection.NonBlockingConnection$SyncIoConnectorCallback -->
org.xsocket.connection.ConnectionManager -->
org.xsocket.connection.NonBlockingConnection -->
org.xsocket.connection.NonBlockingConnection$SyncIoConnectorCallback -->
org.xsocket.connection.NonBlockingConnection -->
org.xsocket.connection.ConnectionManager -->
org.xsocket.connection.ConnectionManager$TimeoutMgmHandle -->
org.xsocket.connection.NonBlockingConnection -->
org.xsocket.connection.IoConnector$RegisterTask -->
org.xsocket.connection.NonBlockingConnection -->
org.xsocket.connection.ConnectionManager$TimeoutMgmHandle -->
org.xsocket.connection.NonBlockingConnection -->
org.xsocket.connection.IoSocketDispatcherPool
I am going to submit a CVE, so please confirm this is not a true positive.
Could I open a PR for it?