You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2021/06/04 04:26:00 UTC

[jira] [Assigned] (AMQ-8288) Review NIOSSLTransport thread safety

     [ https://issues.apache.org/jira/browse/AMQ-8288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré reassigned AMQ-8288:
-----------------------------------------

    Assignee: Jean-Baptiste Onofré

> Review NIOSSLTransport thread safety
> ------------------------------------
>
>                 Key: AMQ-8288
>                 URL: https://issues.apache.org/jira/browse/AMQ-8288
>             Project: ActiveMQ
>          Issue Type: Task
>    Affects Versions: 5.17.0
>            Reporter: Matt Pavlovich
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> Moving the synchronized down to secureRead() removes a pseudo-de-facto synchronization on doHandshake() which is the only place handshakeInProgress = true (L424) appears to be assigned. Then finishHandshake() assigns the sslSession (L242). 
> There is a -minor- tiny risk that the sslSession is swapped out from underneath doHandshake. If the getApplicationBufferSize() changes to result in a BUFFER_OVERFLOW. 
> Investigate the need to improve the concurrency of the sslSession pointer assignment b/w doHandshake() and finishHandshake(), given secureRead() has a condition where it can invoke finishHandshake()
> ref: [SSLSesssionImpl.getApplicationBufferSize()](https://github.com/openjdk/jdk/blob/476775808f82a4b0d42ac58fdb801812b54e01a1/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java#L1399)
>  has deterministic logic of the size based on various factors.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)