Posted to dev@hc.apache.org by "Jason Mathison (Jira)" <ji...@apache.org> on 2021/11/04 03:09:00 UTC

[jira] [Created] (HTTPCORE-694) Endless loop when encrypted buffer larger than plaintext buffer

Jason Mathison created HTTPCORE-694:
---------------------------------------

             Summary: Endless loop when encrypted buffer larger than plaintext buffer
                 Key: HTTPCORE-694
                 URL: https://issues.apache.org/jira/browse/HTTPCORE-694
             Project: HttpComponents HttpCore
          Issue Type: Bug
          Components: HttpCore
    Affects Versions: 5.2-alpha1, 5.1.2
            Reporter: Jason Mathison


We are having an issue where SSLIOSession::decryptData will effectively become an endless loop when the size of the inEncryptedBuf buffer is larger than the size of the inPlainBuf. 

In this scenario the doUnwrap completely fills up the inPlainBuf.  This causes the 
if (inPlainBuf.hasRemaining())
to return false and never clear anything out of the inPlainBuf buffer.

From what we can tell the 
if (inPlainBuf.hasRemaining()) {

 

This issue shows up when we use BouncyCastle for FIPS validated TLS, along with an intentionally large response. 



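
The stall described in the report, as an added example that is not part of the original message and is not HttpCore's code: a simplified model using plain java.nio.ByteBuffer objects in place of the TLS engine. The names unwrap, drain and decrypt, the pass limit, and the alternative position() > 0 guard are assumptions made for illustration; the guard is not presented as the project's fix.

```java
import java.nio.ByteBuffer;

public class PlainBufferStall {
    // Stand-in for doUnwrap (assumption): moves bytes from the encrypted
    // buffer into the plaintext buffer until the plaintext buffer is full.
    static int unwrap(ByteBuffer enc, ByteBuffer plain) {
        int n = Math.min(enc.remaining(), plain.remaining());
        for (int i = 0; i < n; i++) {
            plain.put(enc.get());
        }
        return n;
    }

    // Hands the buffered plaintext to the consumer and resets the buffer for writing.
    static int drain(ByteBuffer plain) {
        plain.flip();
        int n = plain.remaining();
        plain.clear();
        return n;
    }

    // Returns the bytes delivered; maxPasses bounds what would otherwise spin forever.
    static int decrypt(int encSize, int plainSize, boolean guardOnPosition, int maxPasses) {
        ByteBuffer enc = ByteBuffer.allocate(encSize);     // constructed input: encSize zero bytes
        ByteBuffer plain = ByteBuffer.allocate(plainSize); // write mode, initially empty
        int delivered = 0;
        for (int pass = 0;
             pass < maxPasses && (enc.hasRemaining() || plain.position() > 0);
             pass++) {
            unwrap(enc, plain);
            // Guard from the report: in write mode hasRemaining() means "free space left",
            // so it is false exactly when the plaintext buffer is completely full.
            boolean ready = guardOnPosition ? plain.position() > 0 : plain.hasRemaining();
            if (ready) {
                delivered += drain(plain);
            }
        }
        return delivered;
    }

    public static void main(String[] args) {
        // Encrypted buffer larger than plaintext buffer, guard as in the report.
        System.out.println("hasRemaining guard, 32/16: " + decrypt(32, 16, false, 1000));
        // Same sizes, guard on buffered data instead (assumed alternative).
        System.out.println("position guard,     32/16: " + decrypt(32, 16, true, 1000));
        // Encrypted buffer smaller than plaintext buffer: the report's guard still drains.
        System.out.println("hasRemaining guard,  8/16: " + decrypt(8, 16, false, 1000));
    }
}
```

With the hasRemaining() guard and the larger encrypted buffer, every pass after the first moves no bytes and drains nothing, so the loop makes no progress until the pass limit stops it; a loop that stops advancing while input remains is the condition to watch for when monitoring for this kind of CPU-bound hang.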