db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1636798 - in /db/derby/code/trunk/java: client/org/apache/derby/client/net/OpenSocketAction.java drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Date Wed, 05 Nov 2014 05:52:54 GMT
Author: mamta
Date: Wed Nov  5 05:52:53 2014
New Revision: 1636798

URL: http://svn.apache.org/r1636798
Log:
DERBY-6764(analyze impact of poodle security alert on Derby client - server ssl support)

Fixed problem with array counter.


Modified:
    db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java

Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java?rev=1636798&r1=1636797&r2=1636798&view=diff
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java Wed
Nov  5 05:52:53 2014
@@ -90,30 +90,27 @@ class OpenSocketAction implements Privil
             //If SSLv3 and/or SSLv2Hello is one of the enabled protocols, 
             // then remove it from the list of enabled protocols because of 
             // its security breach.
-            String[] removeTwoProtocols = new String[enabledProtocols.length];
-            int removedProtocolsCount  = 0;
-            boolean foundProtocolToRemove=false;
+            String[] supportedProtocols = new String[enabledProtocols.length];
+            int supportedProtocolsCount  = 0;
             for ( int i = 0; i < enabledProtocols.length; i++ )
             {
-                if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
-                    enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
-                	foundProtocolToRemove=true;
-                } else {
-                	removeTwoProtocols[removedProtocolsCount] = 
+                if (!(enabledProtocols[i].toUpperCase().contains("SSLV3") ||
+                    enabledProtocols[i].toUpperCase().contains("SSLV2HELLO"))) {
+                	supportedProtocols[supportedProtocolsCount] = 
                 			enabledProtocols[i];
-                	removedProtocolsCount++;
+                	supportedProtocolsCount++;
                 }
             }
-            if(foundProtocolToRemove) {
+            if(supportedProtocolsCount < enabledProtocols.length) {
             	String[] newEnabledProtocolsList = null;
             	//We found that SSLv3 and or SSLv2Hello is one of the enabled 
             	// protocols for this jvm. Following code will remove it from 
             	// enabled list.
             	newEnabledProtocolsList = 
-            			new String[(removeTwoProtocols.length)-1];
-            	System.arraycopy(removeTwoProtocols, 0, 
+            			new String[supportedProtocolsCount];
+            	System.arraycopy(supportedProtocols, 0, 
             			newEnabledProtocolsList, 0, 
-            			removedProtocolsCount);
+            			supportedProtocolsCount);
             	sSocket.setEnabledProtocols(newEnabledProtocolsList);
             }
             return sSocket;

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1636798&r1=1636797&r2=1636798&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
(original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Wed Nov  5 05:52:53 2014
@@ -2709,29 +2709,26 @@ public final class NetworkServerControlI
         //If SSLv3 and SSLv2Hello are one of the enabled protocols, then 
         // remove them from the list of enabled protocols because of the 
         // possible security breach.
-        String[] removeTwoProtocols = new String[enabledProtocols.length];
-        int removedProtocolsCount  = 0;
-        boolean foundProtocolToRemove=false;
+        String[] supportedProtocols = new String[enabledProtocols.length];
+        int supportedProtocolsCount  = 0;
         for ( int i = 0; i < enabledProtocols.length; i++ )
         {
-            if (enabledProtocols[i].toUpperCase().contains("SSLV3") ||
-            	enabledProtocols[i].toUpperCase().contains("SSLV2HELLO")) {
-            	foundProtocolToRemove=true;
-            } else {
-            	removeTwoProtocols[removedProtocolsCount] = enabledProtocols[i];
-            	removedProtocolsCount++;
+            if (!(enabledProtocols[i].toUpperCase().contains("SSLV3") ||
+            	enabledProtocols[i].toUpperCase().contains("SSLV2HELLO"))) {
+            	supportedProtocols[supportedProtocolsCount] = enabledProtocols[i];
+            	supportedProtocolsCount++;
             }
         }
-        String[] newEnabledProtocolsList = null;
-        if(foundProtocolToRemove) {
+        if(supportedProtocolsCount < enabledProtocols.length) {
             //We found SSLv3 and/or SSLv2Hello as one of the enabled 
             // protocols for this jvm. Following code will remove them from 
             // enabled list.
+            String[] newEnabledProtocolsList = null;
             newEnabledProtocolsList = 
-                new String[(removeTwoProtocols.length)-1];
-            System.arraycopy(removeTwoProtocols, 0, 
+                new String[supportedProtocolsCount];
+            System.arraycopy(supportedProtocols, 0, 
                 newEnabledProtocolsList, 0, 
-                removedProtocolsCount);
+                supportedProtocolsCount);
             return(newEnabledProtocolsList);
         } else 
             return(enabledProtocols);



Mime
View raw message