You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by el...@apache.org on 2016/01/20 20:13:06 UTC

[2/2] mina git commit: Applied Radovan patch

Applied Radovan patch


Project: http://git-wip-us.apache.org/repos/asf/mina/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina/commit/26c894d9
Tree: http://git-wip-us.apache.org/repos/asf/mina/tree/26c894d9
Diff: http://git-wip-us.apache.org/repos/asf/mina/diff/26c894d9

Branch: refs/heads/2.0
Commit: 26c894d992d8581db966e161ea35e87f6670350d
Parents: 4be64ae
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Wed Jan 20 20:13:23 2016 +0100
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Wed Jan 20 20:13:23 2016 +0100

----------------------------------------------------------------------
 .../main/java/org/apache/mina/filter/ssl/SslHandler.java  | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mina/blob/26c894d9/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
----------------------------------------------------------------------
diff --git a/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java b/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
index 973fd10..b3aaa3a 100644
--- a/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
+++ b/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
@@ -748,7 +748,15 @@ class SslHandler {
             if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                 // We have to grow the target buffer, it's too small.
                 // Then we can call the unwrap method again
-                appBuffer.capacity(sslEngine.getSession().getApplicationBufferSize());
+                int newCapacity = sslEngine.getSession().getApplicationBufferSize();
+                
+                if (appBuffer.remaining() >= newCapacity) {
+                    // The buffer is already larger than the max buffer size suggested by the SSL engine.
+                    // Raising it any more will not make sense and it will end up in an endless loop. Throwing an error is safer
+                    throw new SSLException("SSL buffer overflow");
+                }
+
+                appBuffer.capacity(newCapacity);
                 appBuffer.limit(appBuffer.capacity());
                 continue;
             }