bhaisaab pushed a commit to branch debian9-systemvmtemplate
in repository https://gitbox.apache.org/repos/asf/cloudstack.git

commit b460b1d9ad76298b39c43011665d6089b04d4224
Author: Rohit Yadav <rohit.ya...@shapeblue.com>
AuthorDate: Thu Nov 30 19:14:39 2017 +0530

    use a holder class to pass buffers, fixes potential leak when objects are 
changed
    
    Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>
---
 utils/src/main/java/com/cloud/utils/nio/Link.java | 61 ++++++++++++++++++-----
 1 file changed, 48 insertions(+), 13 deletions(-)

diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java 
b/utils/src/main/java/com/cloud/utils/nio/Link.java
index ee09f8c..35211c8 100644
--- a/utils/src/main/java/com/cloud/utils/nio/Link.java
+++ b/utils/src/main/java/com/cloud/utils/nio/Link.java
@@ -477,14 +477,14 @@ public class Link {
         return replaceBuffer;
     }
 
-    private static boolean doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
+    private static HandshakeHolder doHandshakeUnwrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
                                              ByteBuffer peerAppData, 
ByteBuffer peerNetData, final int appBufferSize) throws IOException {
         if (socketChannel == null || sslEngine == null || peerAppData == null 
|| peerNetData == null || appBufferSize < 0) {
-            return false;
+            return new HandshakeHolder(peerAppData, peerNetData, false);
         }
         if (socketChannel.read(peerNetData) < 0) {
             if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
-                return false;
+                return new HandshakeHolder(peerAppData, peerNetData, false);
             }
             try {
                 sslEngine.closeInbound();
@@ -494,7 +494,7 @@ public class Link {
             sslEngine.closeOutbound();
             // After closeOutbound the engine will be set to WRAP state,
             // in order to try to send a close message to the client.
-            return true;
+            return new HandshakeHolder(peerAppData, peerNetData, true);
         }
         peerNetData.flip();
         SSLEngineResult result = null;
@@ -505,7 +505,10 @@ public class Link {
             s_logger.error(String.format("SSL error caught during unwrap data: 
%s, for local address=%s, remote address=%s. The client may have invalid 
ca-certificates.",
                     sslException.getMessage(), 
socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
             sslEngine.closeOutbound();
-            return true;
+            return new HandshakeHolder(peerAppData, peerNetData, true);
+        }
+        if (result == null) {
+            return new HandshakeHolder(peerAppData, peerNetData, false);
         }
         switch (result.getStatus()) {
             case OK:
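Review bot: The added `if (result == null)` guard returns a failed holder without logging anything, so a handshake aborted on this path cannot be told apart in the logs from a peer that closed the connection; the identical guard added to doHandshakeWrap has the same gap. From the visible lines the catch block above already returns, so the guard appears reachable only if the unwrap call itself yields null, and a comment should say so. I would add `s_logger.warn("SSL unwrap returned no result, aborting handshake");` before the return, or drop the guard if it exists only to satisfy static analysis. The try block and the rest of the switch lie outside this hunk.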
@@ -521,7 +524,7 @@ public class Link {
                 break;
             case CLOSED:
                 if (sslEngine.isOutboundDone()) {
-                    return false;
+                    return new HandshakeHolder(peerAppData, peerNetData, 
false);
                 } else {
                     sslEngine.closeOutbound();
                 }
@@ -529,15 +532,15 @@ public class Link {
             default:
                 throw new IllegalStateException("Invalid SSL status: " + 
result.getStatus());
         }
-        return true;
+        return new HandshakeHolder(peerAppData, peerNetData, true);
     }
 
-    private static boolean doHandshakeWrap(final SocketChannel socketChannel, 
final SSLEngine sslEngine,
+    private static HandshakeHolder doHandshakeWrap(final SocketChannel 
socketChannel, final SSLEngine sslEngine,
                                            ByteBuffer myAppData, ByteBuffer 
myNetData, ByteBuffer peerNetData,
                                            final int netBufferSize) throws 
IOException {
         if (socketChannel == null || sslEngine == null || myNetData == null || 
peerNetData == null
                 || myAppData == null || netBufferSize < 0) {
-            return false;
+            return new HandshakeHolder(myAppData, myNetData, false);
         }
         myNetData.clear();
         SSLEngineResult result = null;
@@ -547,7 +550,10 @@ public class Link {
             s_logger.error(String.format("SSL error caught during wrap data: 
%s, for local address=%s, remote address=%s.",
                     sslException.getMessage(), 
socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
             sslEngine.closeOutbound();
-            return true;
+            return new HandshakeHolder(myAppData, myNetData, true);
+        }
+        if (result == null) {
+            return new HandshakeHolder(myAppData, myNetData, false);
         }
         switch (result.getStatus()) {
             case OK :
@@ -581,7 +587,7 @@ public class Link {
             default:
                 throw new IllegalStateException("Invalid SSL status: " + 
result.getStatus());
         }
-        return true;
+        return new HandshakeHolder(myAppData, myNetData, true);
     }
 
     public static boolean doHandshake(final SocketChannel socketChannel, final 
SSLEngine sslEngine) throws IOException {
@@ -609,12 +615,17 @@ public class Link {
             }
             switch (handshakeStatus) {
                 case NEED_UNWRAP:
-                    if (!doHandshakeUnwrap(socketChannel, sslEngine, 
peerAppData, peerNetData, appBufferSize)) {
+                    final HandshakeHolder unwrapResult = 
doHandshakeUnwrap(socketChannel, sslEngine, peerAppData, peerNetData, 
appBufferSize);
+                    peerAppData = unwrapResult.getAppDataBuffer();
+                    peerNetData = unwrapResult.getNetDataBuffer();
+                    if (!unwrapResult.isSuccess()) {
                         return false;
                     }
                     break;
                 case NEED_WRAP:
-                    if (!doHandshakeWrap(socketChannel, sslEngine,  myAppData, 
myNetData, peerNetData, netBufferSize)) {
+                    final HandshakeHolder wrapResult = 
doHandshakeWrap(socketChannel, sslEngine,  myAppData, myNetData, peerNetData, 
netBufferSize);
+                    myNetData = wrapResult.getNetDataBuffer();
+                    if (!wrapResult.isSuccess()) {
                         return false;
                     }
                     break;
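Review bot: In the NEED_WRAP branch only `myNetData` is taken back from the holder, although doHandshakeWrap also receives `peerNetData`, and the holder's app-data slot carries `myAppData`, which the caller never reads. If doHandshakeWrap reassigns any parameter other than `myNetData` in the part of its body not shown in these hunks, that replacement is still lost to the caller, which is the problem this commit sets out to fix. A comment at the call such as `// doHandshakeWrap may replace only myNetData; myAppData and peerNetData are never reassigned there` would record the assumption, and the NEED_UNWRAP branch deserves the matching `// adopt buffers that doHandshakeUnwrap may have replaced`. doHandshake starts and ends outside this hunk.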
@@ -639,4 +650,28 @@ public class Link {
         return true;
     }
 
+    private static class HandshakeHolder {
+        private ByteBuffer appData;
+        private ByteBuffer netData;
+        private boolean success = true;
+
+        HandshakeHolder(ByteBuffer appData, ByteBuffer netData, boolean 
success) {
+            this.appData = appData;
+            this.netData = netData;
+            this.success = success;
+        }
+
+        ByteBuffer getAppDataBuffer() {
+            return appData;
+        }
+
+        ByteBuffer getNetDataBuffer() {
+            return netData;
+        }
+
+        boolean isSuccess() {
+            return success;
+        }
+    }
+
 }
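Review bot: HandshakeHolder is a pure value carrier, yet its fields are mutable and `success` has a `= true` initializer that the constructor always overwrites. A default of true on a TLS handshake result points the wrong way if another constructor is ever added. Declare the fields as `private final ByteBuffer appData;`, `private final ByteBuffer netData;` and `private final boolean success;`. A short class comment stating which buffer each slot holds for unwrap (peer app and net data) and for wrap (own app and net data) would help, since both paths share the same getters.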
