You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2021/06/04 04:26:00 UTC
[jira] [Assigned] (AMQ-8288) Review NIOSSLTransport thread safety
[ https://issues.apache.org/jira/browse/AMQ-8288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré reassigned AMQ-8288:
-----------------------------------------
Assignee: Jean-Baptiste Onofré
> Review NIOSSLTransport thread safety
> ------------------------------------
>
> Key: AMQ-8288
> URL: https://issues.apache.org/jira/browse/AMQ-8288
> Project: ActiveMQ
> Issue Type: Task
> Affects Versions: 5.17.0
> Reporter: Matt Pavlovich
> Assignee: Jean-Baptiste Onofré
> Priority: Major
>
> Moving the synchronized down to secureRead() removes a pseudo-de-facto synchronization on doHandshake() which is the only place handshakeInProgress = true (L424) appears to be assigned. Then finishHandshake() assigns the sslSession (L242).
> There is a -minor- tiny risk that the sslSession is swapped out from underneath doHandshake. If the getApplicationBufferSize() changes to result in a BUFFER_OVERFLOW.
> Investigate the need to improve the concurrency of the sslSession pointer assignment b/w doHandshake() and finishHandshake(), given secureRead() has a condition where it can invoke finishHandshake()
> ref: [SSLSesssionImpl.getApplicationBufferSize()](https://github.com/openjdk/jdk/blob/476775808f82a4b0d42ac58fdb801812b54e01a1/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java#L1399)
> has deterministic logic of the size based on various factors.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)