[ 
https://issues.apache.org/jira/browse/DIRMINA-1023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny resolved DIRMINA-1023.
----------------------------------------
    Resolution: Fixed

Patch applied with commit {{26c894d992d8581db966e161ea35e87f6670350d}}

> Infinite loop in SslHandler when the AppBuffer is too small
> -----------------------------------------------------------
>
>                 Key: DIRMINA-1023
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1023
>             Project: MINA
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 2.0.10
>            Reporter: Emmanuel Lecharny
>            Priority: Blocker
>             Fix For: 2.0.11
>
>
> Radovan Semancik found a bug in the SslHandler class:
> {noformat}
> Hello,
> Working with Apache Directory API while getting Active Directory schema over 
> SSL uncovered a bug in Mina 2 code. The attempt to read the data ended up in an
> endless loop caused by consecutive overflows from the SSL engine. What is
> worse, no indication of this condition was passed to the client. The patch is 
> attached.
> -- 
> Radovan Semancik
> Software Architect
> evolveum.com
> {noformat}
> and here is the patch:
> {noformat}
> ---
>  .../src/main/java/org/apache/mina/filter/ssl/SslHandler.java   | 10 
> ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> diff --git 
> a/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java 
> b/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
> index 973fd10..929a948 100644
> --- a/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
> +++ b/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
> @@ -748,10 +748,16 @@ class SslHandler {
>              if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
>                  // We have to grow the target buffer, it's too small.
>                  // Then we can call the unwrap method again
> -                
> appBuffer.capacity(sslEngine.getSession().getApplicationBufferSize());
> -                appBuffer.limit(appBuffer.capacity());
> +                int newCapacity = 
> sslEngine.getSession().getApplicationBufferSize();
> +                if (appBuffer.remaining() >= newCapacity) {
> +                    // The buffer is already larger than the max buffer size 
> suggested by the SSL engine.
> +                    // Raising it any more will not make sense and it will 
> end up in an endless loop. Throwing an error is safer.
> +                    throw new SSLException("SSL buffer overflow");
> +                }
> +                appBuffer.expand(newCapacity);
>                  continue;
>              }
> +            
>          } while (((status == SSLEngineResult.Status.OK) || (status == 
> SSLEngineResult.Status.BUFFER_OVERFLOW))
>                  && ((handshakeStatus == 
> SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) || (handshakeStatus == 
> SSLEngineResult.HandshakeStatus.NEED_UNWRAP)));
>  
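Review bot: the `throw new SSLException("SSL buffer overflow")` in the new guard says nothing about the sizes involved, although the report above complains that no indication of the condition reached the client; include `appBuffer.remaining()` and `newCapacity` in the message so the failure can be diagnosed from a log. Because the `while` condition still loops on `BUFFER_OVERFLOW`, termination now rests entirely on this guard, so the comment should state that `appBuffer.expand(newCapacity)` is expected to leave `remaining() >= newCapacity`, which is what makes a second consecutive overflow reach the throw. The comment also says "already larger than" while the test is `>=`, and the whitespace-only line added before `} while` should be dropped.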
> -- 
> 2.1.4
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
