Fix CVE-2021-20328

jyemin · jyemin · commit dcd67f113549 · 2021-02-18T14:36:21.000-05:00
JAVA-4017
diff --git a/config/findbugs-exclude.xml b/config/findbugs-exclude.xml
@@ -25,6 +25,15 @@
 
 
     <!-- these specific issues are deliberate design decisions -->
+
+    <!-- Deliberately ignoring this, as the check for a null SSLParameters is actually necessary.
+         See https://jira.mongodb.org/browse/JAVA-2876 for details. -->
+    <Match>
+        <Class name="com.mongodb.client.internal.KeyManagementService"/>
+        <Method name="enableHostNameVerification" params="javax.net.ssl.SSLSocket"/>
+        <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
+    </Match>
+
     <!-- Deliberately ignoring this, as many BSONObject subclasses don't do it -->
     <Match>
         <Package name="com.mongodb"/>
diff --git a/driver-sync/src/main/com/mongodb/client/internal/KeyManagementService.java b/driver-sync/src/main/com/mongodb/client/internal/KeyManagementService.java
@@ -20,8 +20,11 @@
 import com.mongodb.MongoSocketReadException;
 import com.mongodb.MongoSocketWriteException;
 import com.mongodb.ServerAddress;
+import com.mongodb.internal.connection.SslHelper;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSocket;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -42,14 +45,15 @@ class KeyManagementService {
     }
 
     public InputStream stream(final String host, final ByteBuffer message) {
-        Socket socket;
+        SSLSocket socket;
         try {
-            socket = sslContext.getSocketFactory().createSocket();
+            socket = (SSLSocket) sslContext.getSocketFactory().createSocket();
         } catch (IOException e) {
             throw new MongoSocketOpenException("Exception opening connection to Key Management Service", new ServerAddress(host, port), e);
         }
 
         try {
+            enableHostNameVerification(socket);
             socket.setSoTimeout(timeoutMillis);
             socket.connect(new InetSocketAddress(InetAddress.getByName(host), port), timeoutMillis);
         } catch (IOException e) {
@@ -79,6 +83,15 @@ public InputStream stream(final String host, final ByteBuffer message) {
         }
     }
 
+    private void enableHostNameVerification(final SSLSocket socket) {
+        SSLParameters sslParameters = socket.getSSLParameters();
+        if (sslParameters == null) {
+            sslParameters = new SSLParameters();
+        }
+        SslHelper.enableHostNameVerification(sslParameters);
+        socket.setSSLParameters(sslParameters);
+    }
+
     public int getPort() {
         return port;
     }
