Fixed ICE-7906 - Check for invalid ciphers in IceSSL.Ciphers

author: Benoit Foucher <benoit@zeroc.com> 2017-05-24 14:37:46 +0200
committer: Benoit Foucher <benoit@zeroc.com> 2017-05-24 14:37:46 +0200
commit: 6c6306e10fa62b0566e7920786b97d305ac897f4 (patch)
tree: 54c42c00d9226f34fea79276ccc25dbf7088b453
parent: Android test controller class loader fix (diff)
download: ice-6c6306e10fa62b0566e7920786b97d305ac897f4.tar.bz2
ice-6c6306e10fa62b0566e7920786b97d305ac897f4.tar.xz
ice-6c6306e10fa62b0566e7920786b97d305ac897f4.zip
5 files changed, 24 insertions, 21 deletions
diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp
index 44fdd8eb7af..2d378344ac2 100644
--- a/cpp/src/IceSSL/SChannelEngine.cpp
+++ b/cpp/src/IceSSL/SChannelEngine.cpp
@@ -1182,10 +1182,11 @@ SChannel::SSLEngine::parseCiphers(const std::string& ciphers)
     for(vector<string>::const_iterator i = tokens.begin(); i != tokens.end(); ++i)
     {
         ALG_ID id = algorithmId(*i);
-        if(id)
+        if(id == 0)
         {
-            _ciphers.push_back(id);
+            throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no such cipher " + *i);
         }
+        _ciphers.push_back(id);
     }
 }
 
diff --git a/cpp/src/IceSSL/SecureTransportEngine.cpp b/cpp/src/IceSSL/SecureTransportEngine.cpp
index 307b82ea62e..4b8d65ef53b 100644
--- a/cpp/src/IceSSL/SecureTransportEngine.cpp
+++ b/cpp/src/IceSSL/SecureTransportEngine.cpp
@@ -1229,26 +1229,15 @@ IceSSL::SecureTransport::SSLEngine::parseCiphers(const string& ciphers)
         {
             for(vector<SSLCipherSuite>::iterator j = enabled.begin(); j != enabled.end();)
             {
-                SSLCipherSuite cipher = *j;
-                string name = CiphersHelper::cipherName(cipher);
-
-                if(ce.cipher.empty())
+                string name = CiphersHelper::cipherName(*j);
+                if((ce.cipher.empty() && ce.re->match(name)) || ce.cipher == name)
                 {
-                    if(ce.re->match(name))
-                    {
-                        j = enabled.erase(j);
-                        continue;
-                    }
+                    j = enabled.erase(j);
                 }
                 else
                 {
-                    if(ce.cipher == name)
-                    {
-                        j = enabled.erase(j);
-                        continue;
-                    }
+                    ++j;
                 }
-                j++;
             }
         }
         else
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 76a2d06917a..e02c53be0a9 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
@@ -2565,6 +2565,19 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
     //
 #ifndef ICE_OS_UWP
     cout << "testing ciphers... " << flush;
+    {
+        InitializationData initData;
+        initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1");
+        initData.properties->setProperty("IceSSL.Ciphers", "UNKNOWN");
+        try
+        {
+            initialize(initData);
+            test(false);
+        }
+        catch(const Ice::PluginInitializationException&)
+        {
+        }
+    }
 #  ifndef ICE_USE_SCHANNEL
     {
         //
diff --git a/csharp/test/Ice/ami/AllTests.cs b/csharp/test/Ice/ami/AllTests.cs
index 3e819949085..55f4d2022cf 100644
--- a/csharp/test/Ice/ami/AllTests.cs
+++ b/csharp/test/Ice/ami/AllTests.cs
@@ -3807,8 +3807,7 @@ public class AllTests : TestCommon.AllTests
 
             if(!collocated)
             {
-                communicator.getProperties().setProperty("ReplyAdapter.Endpoints", "tcp");
-                Ice.ObjectAdapter adapter = communicator.createObjectAdapter("ReplyAdapter");
+                Ice.ObjectAdapter adapter = communicator.createObjectAdapter("");
                 PingReplyI replyI = new PingReplyI();
                 Test.PingReplyPrx reply = Test.PingReplyPrxHelper.uncheckedCast(adapter.addWithUUID(replyI));
                 adapter.activate();
@@ -3816,6 +3815,7 @@ public class AllTests : TestCommon.AllTests
                 p.ice_getConnection().setAdapter(adapter);
                 p.pingBiDir(reply.ice_getIdentity());
                 replyI.waitReply(1, 100);
+                adapter.destroy();
             }
         }
         WriteLine("ok");
diff --git a/java/test/src/main/java/test/Ice/ami/AMI.java b/java/test/src/main/java/test/Ice/ami/AMI.java
index 9c17144db3d..64260e95fbb 100644
--- a/java/test/src/main/java/test/Ice/ami/AMI.java
+++ b/java/test/src/main/java/test/Ice/ami/AMI.java
@@ -981,8 +981,7 @@ public class AMI
 
             if(!collocated)
             {
-                communicator.getProperties().setProperty("ReplyAdapter.Endpoints", "tcp");
-                com.zeroc.Ice.ObjectAdapter adapter = communicator.createObjectAdapter("ReplyAdapter");
+                com.zeroc.Ice.ObjectAdapter adapter = communicator.createObjectAdapter("");
                 PingReplyI replyI = new PingReplyI();
                 PingReplyPrx reply = PingReplyPrx.uncheckedCast(adapter.addWithUUID(replyI));
                 adapter.activate();
@@ -990,6 +989,7 @@ public class AMI
                 p.ice_getConnection().setAdapter(adapter);
                 p.pingBiDir(reply.ice_getIdentity());
                 replyI.waitReply(1, 100);
+                adapter.destroy();
             }
         }
         out.println("ok");
author	Benoit Foucher <benoit@zeroc.com>	2017-05-24 14:37:46 +0200
committer	Benoit Foucher <benoit@zeroc.com>	2017-05-24 14:37:46 +0200
commit	6c6306e10fa62b0566e7920786b97d305ac897f4 (patch)
tree	54c42c00d9226f34fea79276ccc25dbf7088b453
parent	Android test controller class loader fix (diff)
download	ice-6c6306e10fa62b0566e7920786b97d305ac897f4.tar.bz2 ice-6c6306e10fa62b0566e7920786b97d305ac897f4.tar.xz ice-6c6306e10fa62b0566e7920786b97d305ac897f4.zip