Mercurial > hg > monetdb-java

diff src/main/java/org/monetdb/mcl/net/MapiSocket.java @ 803:1671f2eb130b monetdbs

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Send NUL bytes on non-TLS connect This avoids a hang if we accidentally make a non-TLS connection to a TLS server. The hang occurs because in that situation, the MAPI client ends up waiting for the server to send a MAPI challenge, while the TLS server ends up waiting for the client to send a TLS Client Hello message. The NUL bytes are illegal as a Client Hello and a no-op as a MAPI message.
author Joeri van Ruth <joeri.van.ruth@monetdbsolutions.com>
date Mon, 11 Dec 2023 14:47:41 +0100 (16 months ago)
parents 88b3e8e89126
children ede3a59ff4f2
line wrap: on
line diff
--- a/src/main/java/org/monetdb/mcl/net/MapiSocket.java
+++ b/src/main/java/org/monetdb/mcl/net/MapiSocket.java
@@ -86,6 +86,7 @@ import org.monetdb.mcl.parser.MCLParseEx
  * @see org.monetdb.mcl.io.BufferedMCLWriter
  */
 public final class MapiSocket {
+	public static final byte[] NUL_BYTES = new byte[]{ 0, 0, 0, 0, 0, 0, 0, 0, };
 	private static final String[][] KNOWN_ALGORITHMS = new String[][] {
 			{"SHA512", "SHA-512"},
 			{"SHA384", "SHA-384"},
@@ -348,8 +349,18 @@ public final class MapiSocket {
 	private Socket wrapTLS(Socket sock, Target.Validated validated) throws IOException {
         if (validated.getTls())
             return SecureSocket.wrap(validated, sock);
-        else
-            return sock;
+        else {
+			// Send an even number of NUL bytes.
+			// We expect the server to speak MAPI and in that case, it's a NOP.
+			// If we're accidentally connecting to a TLS server, the bytes are
+			// invalid as a Client Hello message and most TLS implementations
+			// drop the connection.
+			// This is nice because otherwise we would hang, as the TLS server
+			// is waiting for us to send a TLS CLient Hello, and we are waiting
+			// for a MAPI server to send a server challenge.
+			sock.getOutputStream().write(NUL_BYTES);
+		}
+        return sock;
     }
 
 	private boolean handshake(Target.Validated validated, OptionsCallback callback, ArrayList<String> warnings) throws IOException, MCLException {