[
https://issues.apache.org/jira/browse/DIRMINA-914?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494949#comment-13494949
]
aviad lichtenstadt commented on DIRMINA-914:
--------------------------------------------
I have changed the below method to solve the issue:
public void encrypt(ByteBuffer src) throws SSLException {
if (!handshakeComplete) {
throw new IllegalStateException();
}
// The data buffer is (must be) empty, we can reuse the entire
// buffer.
outNetBuffer.clear();
// Loop until there is no more data in src
while (src.hasRemaining()) {
if (src.remaining() > ((outNetBuffer.capacity() - outNetBuffer
.position()) / 2)) {
// We have to expand outNetBuffer
// Note: there is no way to know the exact size required, but
enrypted data
// shouln't need to be larger than twice the source data size?
outNetBuffer = SSLByteBufferPool.expandBuffer(outNetBuffer, src
.capacity() * 2);
if (SessionLog.isDebugEnabled(session)) {
SessionLog.debug(session, " expanded outNetBuffer:"
+ outNetBuffer);
}
}
if (outNetBuffer.remaining() <
sslEngine.getSession().getPacketBufferSize()) //added by me
{ //added by me
outNetBuffer =
SSLByteBufferPool.expandBuffer(outNetBuffer,
sslEngine.getSession().getPacketBufferSize() + outNetBuffer.position());
//added by me
SessionLog.debug(session, "AVIAD expanded
outNetBuffer due to PacketBufferSize:"
+ outNetBuffer); //added by me
} //added by me
SSLEngineResult result = sslEngine.wrap(src, outNetBuffer);
if (SessionLog.isDebugEnabled(session)) {
SessionLog.debug(session, " Wrap res:" + result);
}
if (result.getStatus() == SSLEngineResult.Status.OK) {
if (result.getHandshakeStatus() ==
SSLEngineResult.HandshakeStatus.NEED_TASK) {
doTasks();
}
} else {
throw new SSLException("SSLEngine error during encrypt: "
+ result.getStatus() + " src: " + src
+ "outNetBuffer: " + outNetBuffer);
}
}
outNetBuffer.flip();
}
> In some cases there is a buffer_overflow exception in the sslhandler
> --------------------------------------------------------------------
>
> Key: DIRMINA-914
> URL: https://issues.apache.org/jira/browse/DIRMINA-914
> Project: MINA
> Issue Type: Bug
> Components: Handler
> Affects Versions: 1.1.7
> Reporter: aviad lichtenstadt
>
> In some cases when i try to transfer a lrge file using the ssl filter i get
> the following exception:javax.net.ssl.SSLException: SSLEngine error during
> encrypt: BUFFER_OVERFLOW src: java.nio.HeapByteBuffer[pos=16103 lim=16384
> cap=16384]outNetBuffer: java.nio.DirectByteBuffer[pos=16162 lim=32768
> cap=32768]
> at
> org.apache.mina.filter.support.SSLHandler.encrypt(SSLHandler.java:377)
> at org.apache.mina.filter.SSLFilter.filterWrite(SSLFilter.java:479)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callPreviousFilterWrite(AbstractIoFilterChain.java:361)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1300(AbstractIoFilterChain.java:53)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.filterWrite(AbstractIoFilterChain.java:659)
> at com.monolith.h.f.b.filterWrite(Unknown Source)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callPreviousFilterWrite(AbstractIoFilterChain.java:361)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1300(AbstractIoFilterChain.java:53)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.filterWrite(AbstractIoFilterChain.java:659)
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.filterWrite(ProtocolCodecFilter.java:205)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callPreviousFilterWrite(AbstractIoFilterChain.java:361)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1300(AbstractIoFilterChain.java:53)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.filterWrite(AbstractIoFilterChain.java:659)
> at com.monolith.h.f.d.filterWrite(Unknown Source)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callPreviousFilterWrite(AbstractIoFilterChain.java:361)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1300(AbstractIoFilterChain.java:53)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.filterWrite(AbstractIoFilterChain.java:659)
> at
> org.apache.mina.filter.StreamWriteFilter.messageSent(StreamWriteFilter.java:154)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageSent(AbstractIoFilterChain.java:320)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:53)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageSent(AbstractIoFilterChain.java:653)
> at com.monolith.h.f.d.b(Unknown Source)
> at com.monolith.h.f.d$_d.run(Unknown Source)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
> I dont know how to reproduce this, but it happened for in 2 different sites
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
