This is an automated email from the ASF dual-hosted git repository. bhaisaab pushed a commit to branch debian9-systemvmtemplate in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit b460b1d9ad76298b39c43011665d6089b04d4224 Author: Rohit Yadav <rohit.ya...@shapeblue.com> AuthorDate: Thu Nov 30 19:14:39 2017 +0530 use a holder class to pass buffers, fixes potential leak when objects are changed Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>
---
 utils/src/main/java/com/cloud/utils/nio/Link.java | 61 ++++++++++++++++++-----
 1 file changed, 48 insertions(+), 13 deletions(-)
diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java b/utils/src/main/java/com/cloud/utils/nio/Link.java
index ee09f8c..35211c8 100644
--- a/utils/src/main/java/com/cloud/utils/nio/Link.java
+++ b/utils/src/main/java/com/cloud/utils/nio/Link.java
@@ -477,14 +477,14 @@ public class Link {
 return replaceBuffer;
 }
 
- private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine,
+ private static HandshakeHolder doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine,
 ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException {
 if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) {
- return false;
+ return new HandshakeHolder(peerAppData, peerNetData, false);
 }
 if (socketChannel.read(peerNetData) < 0) {
 if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
- return false;
+ return new HandshakeHolder(peerAppData, peerNetData, false);
 }
 try {
 sslEngine.closeInbound();
@@ -494,7 +494,7 @@ public class Link {
 sslEngine.closeOutbound();
 // After closeOutbound the engine will be set to WRAP state,
 // in order to try to send a close message to the client.
- return true;
+ return new HandshakeHolder(peerAppData, peerNetData, true);
 }
 peerNetData.flip();
 SSLEngineResult result = null;
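Review bot: The new signature of doHandshakeUnwrap in the @@ -477 hunk returns a HandshakeHolder, but nothing on it tells a caller that the buffers inside the holder may differ from the ones passed in and must replace the caller's own references. A short Javadoc on the method would state that contract, for example `/** Returns the app/net buffers to keep using (they may have been replaced) and whether the handshake may continue. */`. The same comment is missing on doHandshakeWrap in the @@ -529 hunk. The method body continues beyond this hunk, so the branches that actually replace a buffer are not visible here.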
@@ -505,7 +505,10 @@ public class Link {
 s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
 sslEngine.closeOutbound();
- return true;
+ return new HandshakeHolder(peerAppData, peerNetData, true);
+ }
+ if (result == null) {
+ return new HandshakeHolder(peerAppData, peerNetData, false);
 }
 switch (result.getStatus()) {
 case OK:
@@ -521,7 +524,7 @@ public class Link {
 break;
 case CLOSED:
 if (sslEngine.isOutboundDone()) {
- return false;
+ return new HandshakeHolder(peerAppData, peerNetData, false);
 } else {
 sslEngine.closeOutbound();
 }
@@ -529,15 +532,15 @@ public class Link {
 default:
 throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
 }
- return true;
+ return new HandshakeHolder(peerAppData, peerNetData, true);
 }
- private static boolean doHandshakeWrap(final SocketChannel socketChannel, final SSLEngine sslEngine,
+ private static HandshakeHolder doHandshakeWrap(final SocketChannel socketChannel, final SSLEngine sslEngine,
 ByteBuffer myAppData, ByteBuffer myNetData, ByteBuffer peerNetData, final int netBufferSize) throws IOException {
 if (socketChannel == null || sslEngine == null || myNetData == null || peerNetData == null || myAppData == null || netBufferSize < 0) {
- return false;
+ return new HandshakeHolder(myAppData, myNetData, false);
 }
 myNetData.clear();
 SSLEngineResult result = null;
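Review bot: In the @@ -505 hunk of doHandshakeUnwrap the SSLException branch still returns a holder with success set to true, so a peer whose handshake data failed to unwrap is not rejected at this point. The caller in doHandshake aborts only on `!unwrapResult.isSuccess()`, and whether the handshake is later reported as failed depends on loop code outside the visible hunks. If the intent is only to let the engine send its close message after closeOutbound(), record that with a comment such as `// true keeps the loop running to flush the close message; it does not mean the peer was accepted`; otherwise return `new HandshakeHolder(peerAppData, peerNetData, false)` here. The wrap-side catch in the @@ -547 hunk has the same shape.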
@@ -547,7 +550,10 @@ public class Link {
 s_logger.error(String.format("SSL error caught during wrap data: %s, for local address=%s, remote address=%s.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
 sslEngine.closeOutbound();
- return true;
+ return new HandshakeHolder(myAppData, myNetData, true);
+ }
+ if (result == null) {
+ return new HandshakeHolder(myAppData, myNetData, false);
 }
 switch (result.getStatus()) {
 case OK :
@@ -581,7 +587,7 @@ public class Link {
 default:
 throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
 }
- return true;
+ return new HandshakeHolder(myAppData, myNetData, true);
 }
 public static boolean doHandshake(final SocketChannel socketChannel, final SSLEngine sslEngine) throws IOException {
@@ -609,12 +615,17 @@ public class Link {
 }
 switch (handshakeStatus) {
 case NEED_UNWRAP:
- if (!doHandshakeUnwrap(socketChannel, sslEngine, peerAppData, peerNetData, appBufferSize)) {
+ final HandshakeHolder unwrapResult = doHandshakeUnwrap(socketChannel, sslEngine, peerAppData, peerNetData, appBufferSize);
+ peerAppData = unwrapResult.getAppDataBuffer();
+ peerNetData = unwrapResult.getNetDataBuffer();
+ if (!unwrapResult.isSuccess()) {
 return false;
 }
 break;
 case NEED_WRAP:
- if (!doHandshakeWrap(socketChannel, sslEngine, myAppData, myNetData, peerNetData, netBufferSize)) {
+ final HandshakeHolder wrapResult = doHandshakeWrap(socketChannel, sslEngine, myAppData, myNetData, peerNetData, netBufferSize);
+ myNetData = wrapResult.getNetDataBuffer();
+ if (!wrapResult.isSuccess()) {
 return false;
 }
 break;
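Review bot: The added `if (result == null)` guard in the @@ -547 hunk, like its twin in the @@ -505 hunk, has no comment explaining when it can fire. The catch block directly above it returns, so `result` can be null at this point only if the engine call in the try block, which lies outside the hunk, itself returned null. If the check is there as a defensive measure or to satisfy static analysis, a one-line comment would make that explicit: `// defensive: treat a null engine result as a failed handshake`.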
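Review bot: In the NEED_WRAP case of the @@ -609 hunk only `myNetData` is taken back from the holder, although doHandshakeWrap also receives `myAppData` and `peerNetData`. Every visible return in doHandshakeWrap builds the holder from myAppData and myNetData, so a replacement of peerNetData inside that method could not reach this caller, which is the kind of lost reference the commit sets out to fix. The body of doHandshakeWrap is only partly visible, so this is a question to confirm, not a demonstrated bug. If the method never reassigns those two buffers, record it next to the call: `// doHandshakeWrap does not replace myAppData or peerNetData, so only myNetData is taken back`. doHandshake itself starts and ends outside this hunk.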
@@ -639,4 +650,28 @@ public class Link {
 return true;
 }
 
+ private static class HandshakeHolder {
+ private ByteBuffer appData;
+ private ByteBuffer netData;
+ private boolean success = true;
+
+ HandshakeHolder(ByteBuffer appData, ByteBuffer netData, boolean success) {
+ this.appData = appData;
+ this.netData = netData;
+ this.success = success;
+ }
+
+ ByteBuffer getAppDataBuffer() {
+ return appData;
+ }
+
+ ByteBuffer getNetDataBuffer() {
+ return netData;
+ }
+
+ boolean isSuccess() {
+ return success;
+ }
+ }
+
 }
-- 
To stop receiving notification emails like this one, please contact "commits@cloudstack.apache.org" <commits@cloudstack.apache.org>.
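Review bot: HandshakeHolder in the @@ -639 hunk is used as an immutable result, yet its three fields are non-final and `success` carries an initializer `= true` that the constructor always overwrites. Declaring them `private final ByteBuffer appData;`, `private final ByteBuffer netData;` and `private final boolean success;` removes the misleading default and lets the compiler enforce that a holder cannot be altered after a handshake step has returned it. A one-line class comment would also help, because the two producers fill the holder differently: doHandshakeUnwrap stores the peer buffers and doHandshakeWrap stores the local ones.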