[jira] Updated: (DIRMINA-637) SSLEngine output buffer seems to be too small

[Emmanuel Lecharny (JIRA)]

     [ 
https://issues.apache.org/jira/browse/DIRMINA-637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRMINA-637:
--------------------------------------

    Fix Version/s: 1.1.8

We should check if it also affects 2.0.0

> SSLEngine output buffer seems to be too small
> ---------------------------------------------
>
>                 Key: DIRMINA-637
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-637
>             Project: MINA
>          Issue Type: Bug
>          Components: Filter
>    Affects Versions: 1.1.1, 1.1.7
>            Reporter: Dan Mihai Dumitriu
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.1.8
>
>
> the code below is in SSLHandler.java.  it makes the assumption that the size 
> of the output will never be larger than 2x the size of the input.  that 
> assumption appears to not hold up.  It looks like this code has been fixed in 
> trunk, but not in 1.1.7.  we only see an error for VERY specific content, 
> i.e. almost never.
>     public void encrypt(ByteBuffer src) throws SSLException {
>         if (!initialHandshakeComplete) {
>             throw new IllegalStateException();
>         }
>         // The data buffer is (must be) empty, we can reuse the entire
>         // buffer.
>         outNetBuffer.clear();
>         // Loop until there is no more data in src
>         while (src.hasRemaining()) {
>             if (src.remaining() > ((outNetBuffer.capacity() - outNetBuffer
>                     .position()) / 2)) {
>                 // We have to expand outNetBuffer
>                 // Note: there is no way to know the exact size required, but 
> enrypted data
>                 // shouln't need to be larger than twice the source data size?
>                 outNetBuffer = SSLByteBufferPool.expandBuffer(outNetBuffer, 
> src
>                         .capacity() * 2);
>                 if (SessionLog.isDebugEnabled(session)) {
>                     SessionLog.debug(session, " expanded outNetBuffer:"
>                             + outNetBuffer);
>                 }
>             }
>             SSLEngineResult result = sslEngine.wrap(src, outNetBuffer);
>             if (SessionLog.isDebugEnabled(session)) {
>                 SessionLog.debug(session, " Wrap res:" + result);
>             }
>             if (result.getStatus() == SSLEngineResult.Status.OK) {
>                 if (result.getHandshakeStatus() == 
> SSLEngineResult.HandshakeStatus.NEED_TASK) {
>                     doTasks();
>                 }
>             } else {
>                 throw new SSLException("SSLEngine error during encrypt: "
>                         + result.getStatus() + " src: " + src
>                         + "outNetBuffer: " + outNetBuffer);
>             }
>         }
>         outNetBuffer.flip();
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.