search

clj-commons / aleph

Asynchronous streaming communication for Clojure - web server, web client, and raw TCP/UDP
http://aleph.io
MIT License
2.54k stars 241 forks source link

TCP server: Spurious NPE on bogus TLS connection establishment #617

Closed DerGuteMoritz closed 2 years ago

DerGuteMoritz commented 2 years ago

Using b41471529f023ef82595353dc2e9f3db548e3abf, the following errors occur when attempting to establish a bogus TLS connection to an aleph.tcp server with TLS enabled:

 WARN [aleph.tcp:326] - error in TCP server
                                                      java.lang.Thread.run                         Thread.java:  829
                      io.netty.util.concurrent.FastThreadLocalRunnable.run        FastThreadLocalRunnable.java:   30
                                                                       ...                                          
                                  manifold.executor/thread-factory/reify/f                        executor.clj:   70
                            io.netty.util.internal.ThreadExecutorMap$2.run              ThreadExecutorMap.java:   74
                  io.netty.util.concurrent.SingleThreadEventExecutor$4.run      SingleThreadEventExecutor.java:  997
                                     io.netty.channel.nio.NioEventLoop.run                   NioEventLoop.java:  496
                     io.netty.channel.nio.NioEventLoop.processSelectedKeys                   NioEventLoop.java:  584
            io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized                   NioEventLoop.java:  658
                      io.netty.channel.nio.NioEventLoop.processSelectedKey                   NioEventLoop.java:  722
            io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read         AbstractNioByteChannel.java:  166
                   io.netty.channel.DefaultChannelPipeline.fireChannelRead         DefaultChannelPipeline.java:  919
          io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead  AbstractChannelHandlerContext.java:  365
          io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead  AbstractChannelHandlerContext.java:  379
           io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead         DefaultChannelPipeline.java: 1410
            io.netty.channel.AbstractChannelHandlerContext.fireChannelRead  AbstractChannelHandlerContext.java:  357
          io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead  AbstractChannelHandlerContext.java:  365
          io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead  AbstractChannelHandlerContext.java:  379
                   io.netty.handler.codec.ByteToMessageDecoder.channelRead           ByteToMessageDecoder.java:  279
                    io.netty.handler.codec.ByteToMessageDecoder.callDecode           ByteToMessageDecoder.java:  449
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection           ByteToMessageDecoder.java:  510
                                    io.netty.handler.ssl.SslHandler.decode                     SslHandler.java: 1285
                       io.netty.handler.ssl.SslHandler.decodeJdkCompatible                     SslHandler.java: 1215
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 666f6f626172
   io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 666f6f626172

 WARN [aleph.tcp:326] - error in TCP server
                                                java.lang.Thread.run                         Thread.java:  829
                io.netty.util.concurrent.FastThreadLocalRunnable.run        FastThreadLocalRunnable.java:   30
                                                                 ...                                          
                            manifold.executor/thread-factory/reify/f                        executor.clj:   70
                      io.netty.util.internal.ThreadExecutorMap$2.run              ThreadExecutorMap.java:   74
            io.netty.util.concurrent.SingleThreadEventExecutor$4.run      SingleThreadEventExecutor.java:  997
                               io.netty.channel.nio.NioEventLoop.run                   NioEventLoop.java:  500
      io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks      SingleThreadEventExecutor.java:  470
          io.netty.util.concurrent.AbstractEventExecutor.safeExecute          AbstractEventExecutor.java:  167
              io.netty.util.concurrent.AbstractEventExecutor.runTask          AbstractEventExecutor.java:  174
               io.netty.channel.AbstractChannel$AbstractUnsafe$7.run                AbstractChannel.java:  813
         io.netty.channel.DefaultChannelPipeline.fireChannelInactive         DefaultChannelPipeline.java:  901
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive  AbstractChannelHandlerContext.java:  248
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive  AbstractChannelHandlerContext.java:  262
 io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive         DefaultChannelPipeline.java: 1405
  io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive  AbstractChannelHandlerContext.java:  241
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive  AbstractChannelHandlerContext.java:  248
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive  AbstractChannelHandlerContext.java:  262
                     io.netty.handler.ssl.SslHandler.channelInactive                     SslHandler.java: 1075
         io.netty.handler.codec.ByteToMessageDecoder.channelInactive           ByteToMessageDecoder.java:  357
      io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed           ByteToMessageDecoder.java:  392
  io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive  AbstractChannelHandlerContext.java:  241
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive  AbstractChannelHandlerContext.java:  248
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive  AbstractChannelHandlerContext.java:  262
       aleph.tcp$server_channel_handler$reify__66154.channelInactive                      NO_SOURCE_FILE:   56
java.lang.NullPointerException:

The second one of these is spurious and should be fixed.

Reproducer:

(aleph.tcp/start-server
 (fn [_ _])
 {:port 12345
  :ssl-context (aleph.netty/self-signed-ssl-context)})
(s/put! @(aleph.tcp/client {:host "localhost" :port 12345}) "foobar")

Might also affect the HTTP server with TLS enabled. Needs to be determined.

DerGuteMoritz commented 2 years ago

Might also affect the HTTP server with TLS enabled. Needs to be determined.

Turns out that this is already handled properly both in ring-handler and in raw-ring-handler.