You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/23 09:17:14 UTC

[tomcat] branch 9.0.x updated: Fix BZ 66076. Non-blocking flush with TLS+NIO must flush network buffer

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new b311c0a0ac Fix BZ 66076. Non-blocking flush with TLS+NIO must flush network buffer
b311c0a0ac is described below

commit b311c0a0acc33d0d6530c92e6b1f0f5906b62144
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon May 23 10:17:02 2022 +0100

    Fix BZ 66076. Non-blocking flush with TLS+NIO must flush network buffer
    
    https://bz.apache.org/bugzilla/show_bug.cgi?id=66076
---
 java/org/apache/tomcat/util/net/NioEndpoint.java   | 24 ++++++++++++++++++----
 .../apache/tomcat/util/net/SocketWrapperBase.java  | 14 +++++++++++++
 webapps/docs/changelog.xml                         |  9 ++++++++
 3 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java b/java/org/apache/tomcat/util/net/NioEndpoint.java
index 78f4d3ca53..b8b6d4339d 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -1345,20 +1345,20 @@ public class NioEndpoint extends AbstractJsseEndpoint<NioChannel,SocketChannel>
 
         @Override
         protected boolean flushNonBlocking() throws IOException {
-            boolean dataLeft = !socketBufferHandler.isWriteBufferEmpty();
+            boolean dataLeft = socketOrNetworkBufferHasDataLeft();
 
             // Write to the socket, if there is anything to write
             if (dataLeft) {
                 doWrite(false);
-                dataLeft = !socketBufferHandler.isWriteBufferEmpty();
+                dataLeft = socketOrNetworkBufferHasDataLeft();
             }
 
             if (!dataLeft && !nonBlockingWriteBuffer.isEmpty()) {
                 dataLeft = nonBlockingWriteBuffer.write(this, false);
 
-                if (!dataLeft && !socketBufferHandler.isWriteBufferEmpty()) {
+                if (!dataLeft && socketOrNetworkBufferHasDataLeft()) {
                     doWrite(false);
-                    dataLeft = !socketBufferHandler.isWriteBufferEmpty();
+                    dataLeft = socketOrNetworkBufferHasDataLeft();
                 }
             }
 
@@ -1366,6 +1366,22 @@ public class NioEndpoint extends AbstractJsseEndpoint<NioChannel,SocketChannel>
         }
 
 
+        /*
+         * https://bz.apache.org/bugzilla/show_bug.cgi?id=66076
+         *
+         * When using TLS an additional buffer is used for the encrypted data
+         * before it is written to the network. It is possible for this network
+         * output buffer to contain data while the socket write buffer is empty.
+         *
+         * For NIO with non-blocking I/O, this case is handling by ensuring that
+         * flush only returns false (i.e. no data left to flush) if all buffers
+         * are empty.
+         */
+        private boolean socketOrNetworkBufferHasDataLeft() {
+            return !socketBufferHandler.isWriteBufferEmpty() || getSocket().getOutboundRemaining() > 0;
+        }
+
+
         @Override
         protected void doWrite(boolean block, ByteBuffer buffer) throws IOException {
             int n = 0;
diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 67a6d0f08d..bcb0119fc6 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -722,6 +722,12 @@ public abstract class SocketWrapperBase<E> {
     }
 
 
+    /**
+     * Writes all remaining data from the buffers and blocks until the write is
+     * complete.
+     *
+     * @throws IOException If an IO error occurs during the write
+     */
     protected void flushBlocking() throws IOException {
         doWrite(true);
 
@@ -736,6 +742,14 @@ public abstract class SocketWrapperBase<E> {
     }
 
 
+    /**
+     * Writes as much data as possible from any that remains in the buffers.
+     *
+     * @return <code>true</code> if data remains to be flushed after this method
+     *         completes, otherwise <code>false</code>.
+     *
+     * @throws IOException If an IO error occurs during the write
+     */
     protected abstract boolean flushNonBlocking() throws IOException;
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5e6fa49603..24c8a20c36 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,15 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        <bug>66076</bug>: When using TLS with non-blocking writes and the NIO
+        connector, ensure that flushing the buffers attempts to empty all of the
+        output buffers. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Jasper">
     <changelog>
       <fix>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org