You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/09/19 11:31:35 UTC

svn commit: r1761422 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SecureNioChannel.java webapps/docs/changelog.xml

Author: markt
Date: Mon Sep 19 11:31:35 2016
New Revision: 1761422

URL: http://svn.apache.org/viewvc?rev=1761422&view=rev
Log:
Fail earlier if the client closes the connection during SNI processing.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1761422&r1=1761421&r2=1761422&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Mon Sep 19 11:31:35 2016
@@ -148,14 +148,19 @@ public class SecureNioChannel extends Ni
     }
 
     /**
-     * Performs SSL handshake, non blocking, but performs NEED_TASK on the same thread.<br>
-     * Hence, you should never call this method using your Acceptor thread, as you would slow down
-     * your system significantly.<br>
-     * The return for this operation is 0 if the handshake is complete and a positive value if it is not complete.
-     * In the event of a positive value coming back, reregister the selection key for the return values interestOps.
+     * Performs SSL handshake, non blocking, but performs NEED_TASK on the same
+     * thread. Hence, you should never call this method using your Acceptor
+     * thread, as you would slow down your system significantly. If the return
+     * value from this method is positive, the selection key should be
+     * registered interestOps given by the return value.
+     *
      * @param read boolean - true if the underlying channel is readable
      * @param write boolean - true if the underlying channel is writable
-     * @return int - 0 if hand shake is complete, otherwise it returns a SelectionKey interestOps value
+     *
+     * @return 0 if hand shake is complete, -1 if an error (other than an
+     *         IOException) occurred, otherwise it returns a SelectionKey
+     *         interestOps value
+     *
      * @throws IOException If an I/O error occurs during the handshake or if the
      *                     handshake fails during wrapping or unwrapping
      */
@@ -254,14 +259,19 @@ public class SecureNioChannel extends Ni
      * Peeks at the initial network bytes to determine if the SNI extension is
      * present and, if it is, what host name has been requested. Based on the
      * provided host name, configure the SSLEngine for this connection.
+     *
+     * @return 0 if SNI processing is complete, -1 if an error (other than an
+     *         IOException) occurred, otherwise it returns a SelectionKey
+     *         interestOps value
+     *
+     * @throws IOException If an I/O error occurs during the SNI processing
      */
     private int processSNI() throws IOException {
         // Read some data into the network input buffer so we can peek at it.
         int bytesRead = sc.read(netInBuffer);
         if (bytesRead == -1) {
-            // Reached end of stream before SNI could be processed. Treat this
-            // as if no SNI was present.
-            return 0;
+            // Reached end of stream before SNI could be processed.
+            return -1;
         }
         TLSClientHelloExtractor extractor = new TLSClientHelloExtractor(netInBuffer);
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1761422&r1=1761421&r2=1761422&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Sep 19 11:31:35 2016
@@ -87,6 +87,10 @@
         track this. This removes the possibility that blocking the non-container
         thread could trigger a deadlock. (markt)
       </add>
+      <fix>
+        Fail earlier if the client closes the connection during SNI processing.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org