You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2020/08/17 01:47:41 UTC
[GitHub] [kafka] Spatterjaaay opened a new pull request #9188: break when dst is full so that unwrap isn't called when appreadbuffer…
Spatterjaaay opened a new pull request #9188:
URL: https://github.com/apache/kafka/pull/9188
… may have data
There are a couple of different situations which can result in
BUFFER_OVERFLOW on read with the current implementation, due to the
while loop structure (such as TLS compression with identical buffer
sizes, or buffers sizes that differ to optimize modes where the cipher
text is larger than the plain text.) The JDK documentation indicates
that a buffer of getApplicationBufferSize() bytes will be enough for a
single unwrap operation, but the SslTransportLayer loop may call unwrap
with an application buffer which isn't empty.
The current implementation will check dst for space and then move data
from the application buffer. It will then continue the loop and may try
to unwrap() again without verifying that there are
getApplicationBufferSize() bytes free in the application buffer. If,
instead, the loop moves data into dst, and then breaks the loop if dst
is full, then unwrap() should never be called with data in the
application buffer.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org