tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rémy Maucherat <r...@apache.org>
Subject Re: svn commit: r1727992 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SecureNioChannel.java webapps/docs/changelog.xml
Date Mon, 01 Feb 2016 23:46:12 GMT
2016-02-01 20:47 GMT+01:00 <markt@apache.org>:

> Author: markt
> Date: Mon Feb  1 19:47:13 2016
> New Revision: 1727992
>
> URL: http://svn.apache.org/viewvc?rev=1727992&view=rev
> Log:
> Fix a consistent unit test failure on OSX (no idea why it started to
> appear now)
> Handle the case where the required TLS buffer increases after the
> connection has been initiated.
>

Well, the design is so wrong. BTW, what is the
getSession().getApplicationBufferSize() value here ? And that's with
OpenSSL or JSSE ?

Rémy

>
> Modified:
>     tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
>     tomcat/trunk/webapps/docs/changelog.xml
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1727992&r1=1727991&r2=1727992&view=diff
>
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
> (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Mon
> Feb  1 19:47:13 2016
> @@ -558,18 +558,33 @@ public class SecureNioChannel extends Ni
>                  if (unwrap.getStatus() == Status.BUFFER_UNDERFLOW) {
>                      break;
>                  }
> -            } else if (unwrap.getStatus() == Status.BUFFER_OVERFLOW &&
> read > 0) {
> -                //buffer overflow can happen, if we have read data, then
> -                //empty out the dst buffer before we do another read
> -                break;
> +            } else if (unwrap.getStatus() == Status.BUFFER_OVERFLOW) {
> +                if (read > 0) {
> +                    // Buffer overflow can happen if we have read data.
> Return
> +                    // so the destination buffer can be emptied before
> another
> +                    // read is attempted
> +                    break;
> +                } else {
> +                    // The SSL session has increased the required buffer
> size
> +                    // since the buffer was created.
> +                    if (dst ==
> socket.getSocketBufferHandler().getReadBuffer()) {
> +                        // This is the normal case for this code
> +                        socket.getSocketBufferHandler().expand(
> +
> sslEngine.getSession().getApplicationBufferSize());
> +                        dst =
> socket.getSocketBufferHandler().getReadBuffer();
> +                    } else {
> +                        // Can't expand the buffer as there is no way to
> signal
> +                        // to the caller that the buffer has been
> replaced.
> +                        throw new IOException(
> +
> sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
> +                    }
> +                }
>              } else {
> -                //here we should trap BUFFER_OVERFLOW and call expand on
> the buffer
> -                //for now, throw an exception, as we initialized the
> buffers
> -                //in the constructor
> +                // Something else went wrong
>                  throw new
> IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
>              }
> -        } while ( (netInBuffer.position() != 0)); //continue to
> unwrapping as long as the input buffer has stuff
> -        return (read);
> +        } while (netInBuffer.position() != 0); //continue to unwrapping
> as long as the input buffer has stuff
> +        return read;
>      }
>
>      /**
>
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1727992&r1=1727991&r2=1727992&view=diff
>
> ==============================================================================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Mon Feb  1 19:47:13 2016
> @@ -99,6 +99,10 @@
>          New configuration option <code>ajpFlush</code> for the AJP
> connectors
>          to disable the sending of AJP flush packets. (rjung)
>        </add>
> +      <fix>
> +        Handle the case in the NIO connector where the required TLS
> buffer sizes
> +        increase after the connection has been initiated. (markt)
> +      </fix>
>      </changelog>
>    </subsection>
>  </section>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message