You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2015/07/28 11:25:04 UTC
[jira] [Commented] (DIRMINA-1017) SSLEngine BUFFER_OVERFLOW
(unwrap)
[ https://issues.apache.org/jira/browse/DIRMINA-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14644105#comment-14644105 ]
Emmanuel Lecharny commented on DIRMINA-1017:
--------------------------------------------
Not sure I get it : is it crashing for you, or is it just that we loop until we have a buffer big enough for the unwrap to be done ?
In any case, the suggested modification sounds better (still have to review it carefully). I already ran the tests with it, all green.
Thanks !
> SSLEngine BUFFER_OVERFLOW (unwrap)
> ----------------------------------
>
> Key: DIRMINA-1017
> URL: https://issues.apache.org/jira/browse/DIRMINA-1017
> Project: MINA
> Issue Type: Bug
> Components: SSL
> Affects Versions: 2.0.9
> Environment: Android
> Reporter: Terence Marks
> Fix For: 2.0.10
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> I've discovered an issue with the SslHandler class when the unwrap method is called on the local SSLEngine member (SslHandler.sslEngine).
> If the returned status is SSLEngineResult.Status.BUFFER_OVERFLOW, the capacity of the output buffer (SslHandler.appBuffer) can be increased to a size which still may is not large enough for the result.
> I have reproduced this issue consistently by sending a 4k frame over TLS1.2 to an android device. The frame gets heavily fragmented, sometimes into 6 frames, and the SSLEngine does not unwrap the frame until all the bytes have been received (since the hash is based on the entire frame).
> Since the frame gets heavily fragmented, the last segment of the frame can be lower than 2048 bytes. Hence by increasing the capacity by << 1, the output buffer will still be under the required size. (Have a look through SslHandler source for "appBuffer.capacity(appBuffer.capacity() << 1);")
> Anyway, the fix is really easy. Change the line:
> appBuffer.capacity(appBuffer.capacity() << 1);
> to:
> appBuffer.capacity(sslEngine.getSession().getApplicationBufferSize());
> This is actually in the java docs (http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html) for the overflow buffer case.
> Hope this helps,
> Terence
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)