You are viewing a plain text version of this content. The canonical link for it is here.

Posted to ftpserver-dev@incubator.apache.org by "Steve Jones (JIRA)" <ji...@apache.org> on 2007/06/05 01:37:26 UTC

[jira] Created: (FTPSERVER-91) SSL handshake failure causes deadlock

SSL handshake failure causes deadlock
-------------------------------------

                 Key: FTPSERVER-91
                 URL: https://issues.apache.org/jira/browse/FTPSERVER-91
             Project: FtpServer
          Issue Type: Bug
          Components: Core
    Affects Versions: 1.0-M2
            Reporter: Steve Jones


When using the Mina listener with SSL the ftp server can "deadlock" when the SSL handshake fails.

This is easily reproducible by connecting to an implicit SSL FTPS server using a non SSL FTP client.

Each connection attempt will permanently utilize a server connection until the server is restarted.

The issue is that until the SSL handshake is completed all FTP responses are buffered. This is a problem since the "MinaFtpResponseOutput" class blocks until the response is actually written to the client (which it never is). 

The "CLOSE" connection event is never processed since the worker "thread" is blocked waiting for the handshake to complete and the initial response to be written.

Modifying the "MinaFtpResponseOutput" class as shown below appears to fix the issue, but I'm not sure if changing this to non-blocking will cause other issues. An alternative approach may be to timeout the SSL handshake after a few seconds (e.g. using join(5000))

--- core/src/java/org/apache/ftpserver/listener/mina/MinaFtpResponseOutput.java (revision 543677)
+++ core/src/java/org/apache/ftpserver/listener/mina/MinaFtpResponseOutput.java (working copy)
@@ -40,7 +40,7 @@
     }
 
     public void write(FtpReply response) throws IOException {
-        session.write(response).join();
+        session.write(response);
     }



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (FTPSERVER-91) SSL handshake failure causes deadlock

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/FTPSERVER-91?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson closed FTPSERVER-91.
--------------------------------------

    Resolution: Fixed

Patch was applied and commited i rev 545139 . Thanks for the report!

> SSL handshake failure causes deadlock
> -------------------------------------
>
>                 Key: FTPSERVER-91
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-91
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0-M1
>            Reporter: Steve Jones
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M2
>
>
> When using the Mina listener with SSL the ftp server can "deadlock" when the SSL handshake fails.
> This is easily reproducible by connecting to an implicit SSL FTPS server using a non SSL FTP client.
> Each connection attempt will permanently utilize a server connection until the server is restarted.
> The issue is that until the SSL handshake is completed all FTP responses are buffered. This is a problem since the "MinaFtpResponseOutput" class blocks until the response is actually written to the client (which it never is). 
> The "CLOSE" connection event is never processed since the worker "thread" is blocked waiting for the handshake to complete and the initial response to be written.
> Modifying the "MinaFtpResponseOutput" class as shown below appears to fix the issue, but I'm not sure if changing this to non-blocking will cause other issues. An alternative approach may be to timeout the SSL handshake after a few seconds (e.g. using join(5000))
> --- core/src/java/org/apache/ftpserver/listener/mina/MinaFtpResponseOutput.java (revision 543677)
> +++ core/src/java/org/apache/ftpserver/listener/mina/MinaFtpResponseOutput.java (working copy)
> @@ -40,7 +40,7 @@
>      }
>  
>      public void write(FtpReply response) throws IOException {
> -        session.write(response).join();
> +        session.write(response);
>      }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (FTPSERVER-91) SSL handshake failure causes deadlock

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/FTPSERVER-91?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson updated FTPSERVER-91:
---------------------------------------

        Fix Version/s: 1.0-M2
             Assignee: Niklas Gustavsson
    Affects Version/s:     (was: 1.0-M2)
                       1.0-M1

> SSL handshake failure causes deadlock
> -------------------------------------
>
>                 Key: FTPSERVER-91
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-91
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0-M1
>            Reporter: Steve Jones
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M2
>
>
> When using the Mina listener with SSL the ftp server can "deadlock" when the SSL handshake fails.
> This is easily reproducible by connecting to an implicit SSL FTPS server using a non SSL FTP client.
> Each connection attempt will permanently utilize a server connection until the server is restarted.
> The issue is that until the SSL handshake is completed all FTP responses are buffered. This is a problem since the "MinaFtpResponseOutput" class blocks until the response is actually written to the client (which it never is). 
> The "CLOSE" connection event is never processed since the worker "thread" is blocked waiting for the handshake to complete and the initial response to be written.
> Modifying the "MinaFtpResponseOutput" class as shown below appears to fix the issue, but I'm not sure if changing this to non-blocking will cause other issues. An alternative approach may be to timeout the SSL handshake after a few seconds (e.g. using join(5000))
> --- core/src/java/org/apache/ftpserver/listener/mina/MinaFtpResponseOutput.java (revision 543677)
> +++ core/src/java/org/apache/ftpserver/listener/mina/MinaFtpResponseOutput.java (working copy)
> @@ -40,7 +40,7 @@
>      }
>  
>      public void write(FtpReply response) throws IOException {
> -        session.write(response).join();
> +        session.write(response);
>      }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.