You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by el...@apache.org on 2016/01/20 20:13:06 UTC
[2/2] mina git commit: Applied Radovan patch
Applied Radovan patch
Project: http://git-wip-us.apache.org/repos/asf/mina/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina/commit/26c894d9
Tree: http://git-wip-us.apache.org/repos/asf/mina/tree/26c894d9
Diff: http://git-wip-us.apache.org/repos/asf/mina/diff/26c894d9
Branch: refs/heads/2.0
Commit: 26c894d992d8581db966e161ea35e87f6670350d
Parents: 4be64ae
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Wed Jan 20 20:13:23 2016 +0100
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Wed Jan 20 20:13:23 2016 +0100
----------------------------------------------------------------------
.../main/java/org/apache/mina/filter/ssl/SslHandler.java | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina/blob/26c894d9/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
----------------------------------------------------------------------
diff --git a/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java b/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
index 973fd10..b3aaa3a 100644
--- a/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
+++ b/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
@@ -748,7 +748,15 @@ class SslHandler {
if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
// We have to grow the target buffer, it's too small.
// Then we can call the unwrap method again
- appBuffer.capacity(sslEngine.getSession().getApplicationBufferSize());
+ int newCapacity = sslEngine.getSession().getApplicationBufferSize();
+
+ if (appBuffer.remaining() >= newCapacity) {
+ // The buffer is already larger than the max buffer size suggested by the SSL engine.
+ // Raising it any more will not make sense and it will end up in an endless loop. Throwing an error is safer
+ throw new SSLException("SSL buffer overflow");
+ }
+
+ appBuffer.capacity(newCapacity);
appBuffer.limit(appBuffer.capacity());
continue;
}