[GitHub] [kafka] Spatterjaaay opened a new pull request #9188: break when dst is full so that unwrap isn't called when appreadbuffer…

[GitBox <gi...@apache.org>]

Spatterjaaay opened a new pull request #9188:
URL: https://github.com/apache/kafka/pull/9188


   … may have data
   
   There are a couple of different situations which can result in
   BUFFER_OVERFLOW on read with the current implementation, due to the
   while loop structure (such as TLS compression with identical buffer
   sizes, or buffers sizes that differ to optimize modes where the cipher
   text is larger than the plain text.)  The JDK documentation indicates
   that a buffer of getApplicationBufferSize() bytes will be enough for a
   single unwrap operation, but the SslTransportLayer loop may call unwrap
   with an application buffer which isn't empty.
   
   The current implementation will check dst for space and then move data
   from the application buffer.  It will then continue the loop and may try
   to unwrap() again without verifying that there are
   getApplicationBufferSize() bytes free in the application buffer. If,
   instead, the loop moves data into dst, and then breaks the loop if dst
   is full, then unwrap() should never be called with data in the
   application buffer.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org