Upgrade Okie to version 3.6.0 (from 1.17.2) and OkHttp jar to versio…

…n 4.12.0 to address CVE-2023-3635.
prestodb · Jan 21, 2025 · f3d345d · f3d345d
1 parent 85eeacf
commit f3d345d
Show file tree

Hide file tree

Showing 6 changed files with 701 additions and 7 deletions.
diff --git a/pom.xml b/pom.xml
@@ -49,7 +49,7 @@
         <dep.slice.version>0.38</dep.slice.version>
         <dep.testing-mysql-server-5.version>0.6</dep.testing-mysql-server-5.version>
         <dep.aws-sdk.version>1.12.560</dep.aws-sdk.version>
-        <dep.okhttp.version>3.9.0</dep.okhttp.version>
+        <dep.okhttp.version>4.12.0</dep.okhttp.version>
         <dep.jdbi3.version>3.4.0</dep.jdbi3.version>
         <dep.oracle.version>19.3.0.0</dep.oracle.version>
         <dep.drift.version>1.40</dep.drift.version>
@@ -2346,6 +2346,7 @@
                                     <exclude>com.fasterxml.jackson.core:jackson-annotations</exclude>
                                     <exclude>com.fasterxml.jackson.core:jackson-core</exclude>
                                     <exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
+                                    <exclude>org.jetbrains.kotlin:kotlin-stdlib-jdk8</exclude>
                                 </excludes>
                             </requireUpperBoundDeps>
                         </rules>

diff --git a/presto-client/src/main/java/com/facebook/presto/client/JsonResponse.java b/presto-client/src/main/java/com/facebook/presto/client/JsonResponse.java
@@ -24,7 +24,6 @@
 import javax.annotation.Nullable;
 
 import java.io.IOException;
-import java.io.InterruptedIOException;
 import java.io.UncheckedIOException;
 
 import static com.google.common.base.MoreObjects.toStringHelper;
@@ -146,11 +145,6 @@ public static <T> JsonResponse<T> execute(JsonCodec<T> codec, OkHttpClient clien
             return new JsonResponse<>(response.code(), response.message(), response.headers(), body);
         }
         catch (IOException e) {
-            // OkHttp throws this after clearing the interrupt status
-            // TODO: remove after updating to Okio 1.15.0+
-            if ((e instanceof InterruptedIOException) && "thread interrupted".equals(e.getMessage())) {
-                Thread.currentThread().interrupt();
-            }
             throw new UncheckedIOException(e);
         }
     }

diff --git a/presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java b/presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java
@@ -16,6 +16,7 @@
 import com.facebook.airlift.security.pem.PemReader;
 import com.google.common.base.CharMatcher;
 import com.google.common.net.HostAndPort;
+import okhttp.internal.tls.LegacyHostnameVerifier;
 import okhttp3.Call;
 import okhttp3.Callback;
 import okhttp3.Credentials;
@@ -237,6 +238,7 @@ public static void setupSsl(
             sslContext.init(keyManagers, new TrustManager[] {trustManager}, null);
 
             clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+            clientBuilder.hostnameVerifier(LegacyHostnameVerifier.INSTANCE);
         }
         catch (GeneralSecurityException | IOException e) {
             throw new ClientException("Error setting up SSL: " + e.getMessage(), e);