Skip to content

Avoid NPEs in JavaNetAuthenticator #9100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+82 −13
Open

Avoid NPEs in JavaNetAuthenticator #9100

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 23 additions & 12 deletions okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticator.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,17 +53,21 @@ class JavaNetAuthenticator(
val dns = route?.address?.dns ?: defaultDns
val auth =
if (proxyAuthorization) {
val proxyAddress = proxy.address() as InetSocketAddress
Authenticator.requestPasswordAuthentication(
proxyAddress.hostName,
proxy.connectToInetAddress(url, dns),
proxyAddress.port,
url.scheme,
challenge.realm,
challenge.scheme,
url.toUrl(),
Authenticator.RequestorType.PROXY,
)
if (proxy.type() == Proxy.Type.HTTP) {
val proxyAddress = proxy.address() as InetSocketAddress
Authenticator.requestPasswordAuthentication(
proxyAddress.hostName,
proxy.connectToInetAddress(url, dns),
proxyAddress.port,
url.scheme,
challenge.realm,
challenge.scheme,
url.toUrl(),
Authenticator.RequestorType.PROXY,
)
} else {
null
}
} else {
Authenticator.requestPasswordAuthentication(
url.host,
Expand Down Expand Up @@ -102,6 +106,13 @@ class JavaNetAuthenticator(
): InetAddress =
when (type()) {
Proxy.Type.DIRECT -> dns.lookup(url.host).first()
else -> (address() as InetSocketAddress).address
else -> {
val socketAddress = address() as InetSocketAddress
if (socketAddress.isUnresolved) {
dns.lookup(socketAddress.hostString).first()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this resolving the DNS address? I don’t think we guarantee that we’ll use this same resolved address later when we connect
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahhh, I see from your stack trace. Hmmmmm.....
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s just change this function to return InetAddress? ?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that’s what this should do. Authenticator.requestPasswordAuthentication is even documented as such.

addr – The InetAddress of the site requesting authorization, or null if not known.
} else {
socketAddress.address
}
}
}
}
60 changes: 59 additions & 1 deletion okhttp/src/jvmTest/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticatorTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@ package okhttp3.internal.authenticator

import java.net.Authenticator
import java.net.InetAddress
import junit.framework.TestCase.assertNull
import java.net.InetSocketAddress
import java.net.Proxy
import okhttp3.FakeDns
import okhttp3.Protocol.HTTP_2
import okhttp3.Request
Expand All @@ -26,6 +27,7 @@ import okhttp3.TestValueFactory
import okhttp3.internal.RecordingAuthenticator
import org.junit.jupiter.api.AfterEach
import org.junit.jupiter.api.Assertions.assertEquals
import org.junit.jupiter.api.Assertions.assertNull
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Test

Expand Down Expand Up @@ -100,4 +102,60 @@ class JavaNetAuthenticatorTest {
val authRequest = authenticator.authenticate(null, response)
assertNull(authRequest)
}

@Test
fun testProxyAuthDirect() {
fakeDns["server"] = listOf(InetAddress.getLocalHost())

val route = factory.newRoute()

val request =
Request
.Builder()
.url("https://server/robots.txt")
.build()
val response =
Response
.Builder()
.request(request)
.code(407)
.header("Proxy-Authenticate", "Basic realm=\"User Visible Realm\"")
.protocol(HTTP_2)
.message("Unauthorized")
.build()
val authRequest = authenticator.authenticate(route, response)

assertNull(authRequest)
}

@Test
fun testProxyAuthUnresolvedAddress() {
fakeDns["server"] = listOf(InetAddress.getLocalHost())
fakeDns["127.0.0.1"] = listOf(InetAddress.getLocalHost())

// ProxySelector's default implementation, sun.net.spi.DefaultProxySelector, returns unresolved addresses
val proxy = Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved("127.0.0.1", 3128))
val route = factory.newRoute(proxy = proxy)

val request =
Request
.Builder()
.url("https://server/robots.txt")
.build()
val response =
Response
.Builder()
.request(request)
.code(407)
.header("Proxy-Authenticate", "Basic realm=\"User Visible Realm\"")
.protocol(HTTP_2)
.message("Unauthorized")
.build()
val authRequest = authenticator.authenticate(route, response)

assertEquals(
"Basic ${RecordingAuthenticator.BASE_64_CREDENTIALS}",
authRequest!!.header("Proxy-Authorization"),
)
}
}
Loading