Fix CVE-2021-20328

JAVA-4017
mongodb · Feb 18, 2021 · ae5b1c0 · ae5b1c0
1 parent 32052a1
commit ae5b1c0
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/config/findbugs-exclude.xml b/config/findbugs-exclude.xml
@@ -25,6 +25,15 @@
 
 
     <!-- these specific issues are deliberate design decisions -->
+
+    <!-- Deliberately ignoring this, as the check for a null SSLParameters is actually necessary.
+         See https://jira.mongodb.org/browse/JAVA-2876 for details. -->
+    <Match>
+        <Class name="com.mongodb.client.internal.KeyManagementService"/>
+        <Method name="enableHostNameVerification" params="javax.net.ssl.SSLSocket"/>
+        <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
+    </Match>
+
     <!-- Deliberately ignoring this, as many BSONObject subclasses don't do it -->
     <Match>
         <Package name="com.mongodb"/>

diff --git a/driver-sync/src/main/com/mongodb/client/internal/KeyManagementService.java b/driver-sync/src/main/com/mongodb/client/internal/KeyManagementService.java
@@ -17,8 +17,11 @@
 package com.mongodb.client.internal;
 
 import com.mongodb.ServerAddress;
+import com.mongodb.internal.connection.SslHelper;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSocket;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -38,9 +41,10 @@ class KeyManagementService {
 
     public InputStream stream(final String host, final ByteBuffer message) throws IOException {
         ServerAddress serverAddress = host.contains(":") ? new ServerAddress(host) : new ServerAddress(host, defaultPort);
-        Socket socket = sslContext.getSocketFactory().createSocket();
+        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket();
 
         try {
+            enableHostNameVerification(socket);
             socket.setSoTimeout(timeoutMillis);
             socket.connect(serverAddress.getSocketAddress(), timeoutMillis);
         } catch (IOException e) {
@@ -68,6 +72,15 @@ public InputStream stream(final String host, final ByteBuffer message) throws IO
         }
     }
 
+    private void enableHostNameVerification(final SSLSocket socket) {
+        SSLParameters sslParameters = socket.getSSLParameters();
+        if (sslParameters == null) {
+            sslParameters = new SSLParameters();
+        }
+        SslHelper.enableHostNameVerification(sslParameters);
+        socket.setSSLParameters(sslParameters);
+    }
+
     public int getDefaultPort() {
         return defaultPort;
     }