Correctly keep track of validExtensions per request / response (#13180)

normanmaurer · web-flow · commit f761ab562033 · 2023-02-06T09:41:10.000-08:00
Motivation: At the moment we not correctly reset state between different request / response pairs. This can lead to situations when invalid extensions are used. Modifications: - Use a Queue to keep track of extensions per request / response Result: Fixes #13176
diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/extensions/WebSocketServerExtensionHandler.java b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/extensions/WebSocketServerExtensionHandler.java
@@ -28,10 +28,13 @@
 import io.netty.handler.codec.http.HttpResponse;
 import io.netty.handler.codec.http.HttpResponseStatus;
 
+import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Queue;
 
 /**
  * This handler negotiates and initializes the WebSocket Extensions.
@@ -47,7 +50,8 @@ public class WebSocketServerExtensionHandler extends ChannelDuplexHandler {
 
     private final List<WebSocketServerExtensionHandshaker> extensionHandshakers;
 
-    private List<WebSocketServerExtension> validExtensions;
+    private final Queue<List<WebSocketServerExtension>> validExtensions =
+            new ArrayDeque<List<WebSocketServerExtension>>(4);
 
     /**
      * Constructor
@@ -63,6 +67,7 @@ public WebSocketServerExtensionHandler(WebSocketServerExtensionHandshaker... ext
     @Override
     public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
         if (msg instanceof HttpRequest) {
+            List<WebSocketServerExtension> validExtensionsList = null;
             HttpRequest request = (HttpRequest) msg;
 
             if (WebSocketExtensionUtil.isWebsocketUpgrade(request.headers())) {
@@ -85,15 +90,20 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception
                         }
 
                         if (validExtension != null && ((validExtension.rsv() & rsv) == 0)) {
-                            if (validExtensions == null) {
-                                validExtensions = new ArrayList<WebSocketServerExtension>(1);
+                            if (validExtensionsList == null) {
+                                validExtensionsList = new ArrayList<WebSocketServerExtension>(1);
                             }
                             rsv = rsv | validExtension.rsv();
-                            validExtensions.add(validExtension);
+                            validExtensionsList.add(validExtension);
                         }
                     }
                 }
             }
+
+            if (validExtensionsList == null) {
+                validExtensionsList = Collections.emptyList();
+            }
+            validExtensions.offer(validExtensionsList);
         }
 
         super.channelRead(ctx, msg);
@@ -102,28 +112,29 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception
     @Override
     public void write(final ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception {
         if (msg instanceof HttpResponse) {
+            List<WebSocketServerExtension> validExtensionsList = validExtensions.poll();
             HttpResponse httpResponse = (HttpResponse) msg;
             //checking the status is faster than looking at headers
             //so we do this first
             if (HttpResponseStatus.SWITCHING_PROTOCOLS.equals(httpResponse.status())) {
-                handlePotentialUpgrade(ctx, promise, httpResponse);
+                handlePotentialUpgrade(ctx, promise, httpResponse, validExtensionsList);
             }
         }
 
         super.write(ctx, msg, promise);
     }
 
     private void handlePotentialUpgrade(final ChannelHandlerContext ctx,
-                                        ChannelPromise promise, HttpResponse httpResponse) {
+                                        ChannelPromise promise, HttpResponse httpResponse,
+                                        final List<WebSocketServerExtension> validExtensionsList) {
         HttpHeaders headers = httpResponse.headers();
 
         if (WebSocketExtensionUtil.isWebsocketUpgrade(headers)) {
-
-            if (validExtensions != null) {
+            if (validExtensionsList != null && !validExtensionsList.isEmpty()) {
                 String headerValue = headers.getAsString(HttpHeaderNames.SEC_WEBSOCKET_EXTENSIONS);
                 List<WebSocketExtensionData> extraExtensions =
                   new ArrayList<WebSocketExtensionData>(extensionHandshakers.size());
-                for (WebSocketServerExtension extension : validExtensions) {
+                for (WebSocketServerExtension extension : validExtensionsList) {
                     extraExtensions.add(extension.newReponseData());
                 }
                 String newHeaderValue = WebSocketExtensionUtil
@@ -132,7 +143,7 @@ private void handlePotentialUpgrade(final ChannelHandlerContext ctx,
                     @Override
                     public void operationComplete(ChannelFuture future) {
                         if (future.isSuccess()) {
-                            for (WebSocketServerExtension extension : validExtensions) {
+                            for (WebSocketServerExtension extension : validExtensionsList) {
                                 WebSocketExtensionDecoder decoder = extension.newExtensionDecoder();
                                 WebSocketExtensionEncoder encoder = extension.newExtensionEncoder();
                                 String name = ctx.name();
diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/extensions/WebSocketServerExtensionHandlerTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/extensions/WebSocketServerExtensionHandlerTest.java
@@ -25,6 +25,7 @@
 import java.util.Collections;
 import java.util.List;
 
+import io.netty.handler.codec.http.LastHttpContent;
 import org.junit.jupiter.api.Test;
 
 import static io.netty.handler.codec.http.websocketx.extensions.WebSocketExtensionTestUtil.*;
@@ -41,11 +42,18 @@ public class WebSocketServerExtensionHandlerTest {
             mock(WebSocketServerExtensionHandshaker.class, "mainHandshaker");
     WebSocketServerExtensionHandshaker fallbackHandshakerMock =
             mock(WebSocketServerExtensionHandshaker.class, "fallbackHandshaker");
+
+    WebSocketServerExtensionHandshaker main2HandshakerMock =
+            mock(WebSocketServerExtensionHandshaker.class, "main2Handshaker");
     WebSocketServerExtension mainExtensionMock =
             mock(WebSocketServerExtension.class, "mainExtension");
+
     WebSocketServerExtension fallbackExtensionMock =
             mock(WebSocketServerExtension.class, "fallbackExtension");
 
+    WebSocketServerExtension main2ExtensionMock =
+            mock(WebSocketServerExtension.class, "main2Extension");
+
     @Test
     public void testMainSuccess() {
         // initialize
@@ -229,4 +237,51 @@ public void testExtensionHandlerNotRemovedByFailureWritePromise() {
         assertNotNull(ch.pipeline().context(extensionHandler));
         assertTrue(ch.finish());
     }
+
+    @Test
+    public void testExtensionMultipleRequests() {
+        // initialize
+        when(mainHandshakerMock.handshakeExtension(webSocketExtensionDataMatcher("main")))
+                .thenReturn(mainExtensionMock);
+
+        when(mainExtensionMock.rsv()).thenReturn(WebSocketExtension.RSV1);
+        when(mainExtensionMock.newReponseData()).thenReturn(
+                new WebSocketExtensionData("main", Collections.<String, String>emptyMap()));
+        when(mainExtensionMock.newExtensionEncoder()).thenReturn(new DummyEncoder());
+        when(mainExtensionMock.newExtensionDecoder()).thenReturn(new DummyDecoder());
+
+        when(main2HandshakerMock.handshakeExtension(webSocketExtensionDataMatcher("main2")))
+                .thenReturn(main2ExtensionMock);
+
+        when(main2ExtensionMock.rsv()).thenReturn(WebSocketExtension.RSV1);
+        when(main2ExtensionMock.newReponseData()).thenReturn(
+                new WebSocketExtensionData("main2", Collections.<String, String>emptyMap()));
+        when(main2ExtensionMock.newExtensionEncoder()).thenReturn(new DummyEncoder());
+        when(main2ExtensionMock.newExtensionDecoder()).thenReturn(new DummyDecoder());
+
+        // execute
+        WebSocketServerExtensionHandler extensionHandler =
+                new WebSocketServerExtensionHandler(mainHandshakerMock, main2HandshakerMock);
+        EmbeddedChannel ch = new EmbeddedChannel(extensionHandler);
+
+        HttpRequest req = newUpgradeRequest("main");
+        assertTrue(ch.writeInbound(req));
+        assertTrue(ch.writeInbound(LastHttpContent.EMPTY_LAST_CONTENT));
+
+        HttpRequest req2 = newUpgradeRequest("main2");
+        assertTrue(ch.writeInbound(req2));
+        assertTrue(ch.writeInbound(LastHttpContent.EMPTY_LAST_CONTENT));
+
+        HttpResponse res = newUpgradeResponse(null);
+        assertTrue(ch.writeOutbound(res));
+        assertTrue(ch.writeOutbound(LastHttpContent.EMPTY_LAST_CONTENT));
+
+        res = ch.readOutbound();
+        assertEquals("main", res.headers().get(HttpHeaderNames.SEC_WEBSOCKET_EXTENSIONS));
+        LastHttpContent content = ch.readOutbound();
+        content.release();
+
+        assertNull(ch.pipeline().context(extensionHandler));
+        assertTrue(ch.finishAndReleaseAll());
+    }
 }
