Posted to dev@kafka.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2015/09/11 12:30:45 UTC

[jira] [Commented] (KAFKA-2534) SSLTransportLayer does not handle buffer overflow correctly

    [ https://issues.apache.org/jira/browse/KAFKA-2534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14740540#comment-14740540 ] 

ASF GitHub Bot commented on KAFKA-2534:
---------------------------------------

GitHub user rajinisivaram opened a pull request:

    https://github.com/apache/kafka/pull/205

    KAFKA-2534: Fixes and unit tests for SSLTransportLayer buffer overflow

    Unit tests which mock buffer overflow and underflow in the SSL transport layer and fixes for the couple of issues in buffer overflow handling described in the JIRA.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/rajinisivaram/kafka KAFKA-2534

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/205.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #205
    
----
commit 260b0bba5b906e96f3acc637ae1ece1c3cc5ec83
Author: Rajini Sivaram <ra...@googlemail.com>
Date:   2015-09-11T10:03:29Z

    KAFKA-2534: Fixes and unit tests for SSLTransportLayer buffer overflow

----


> SSLTransportLayer does not handle buffer overflow correctly
> -----------------------------------------------------------
>
>                 Key: KAFKA-2534
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2534
>             Project: Kafka
>          Issue Type: Bug
>          Components: network
>    Affects Versions: 0.8.3
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>             Fix For: 0.8.3
>
>
> There are a couple of issues with the handling of buffer overflow in {{SSLTransportLayer}}.
> # {{netWriteBuffer}} is flipped immediately after {{wrap()}}, leaving the data ready for writing onto the socket channel. If {{netWriteBuffer}} is expanded because {{wrap()}} returns BUFFER_OVERFLOW, the expanded buffer needs to be un-flipped before expansion and flipped afterwards to leave the resulting buffer in the same state. The current implementation does not do this and hence the expanded buffer is not as expected.
> # If {{handshakeUnwrap()}} returns a BUFFER_OVERFLOW because the application buffer needs to be expanded, the current implementation expands the buffer and returns from the {{handshake()}} call. Since handshake data was already read from the network, this can result in the handshake never completing if no more data is received on the channel. {{handshakeUnwrap()}} should be invoked after application buffer expansion to process data that has already arrived.
> I will submit a PR with fixes for these along with unit tests which demonstrate these issues. I am not sure it is easy to trigger buffer overflow/underflow in a system test. Since these code paths are currently untested, unit tests which mock these scenarios may be useful.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
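
The first issue in the description above (expanding a buffer that has already been flipped) can be reproduced with plain java.nio, shown here as an added example that is not code from the pull request or from Kafka. The class name, the expand() helper and the sample bytes are hypothetical; the helper is assumed to expect its input in write mode.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class FlippedBufferExpansion {

    // Hypothetical helper: grows a buffer that is in write mode
    // (position = end of data, limit = capacity) and returns it in write mode.
    static ByteBuffer expand(ByteBuffer writeMode, int newCapacity) {
        ByteBuffer bigger = ByteBuffer.allocate(newCapacity);
        writeMode.flip();          // switch the source to read mode for copying
        bigger.put(writeMode);     // copy bytes [0, old position)
        return bigger;             // result is still in write mode
    }

    // Expanding a buffer that was already flipped: flip() runs a second time,
    // the limit becomes 0, and the pending bytes are not copied.
    static ByteBuffer expandFlippedNaively(ByteBuffer flipped, int newCapacity) {
        ByteBuffer bigger = expand(flipped, newCapacity);
        bigger.flip();
        return bigger;
    }

    // Un-flip first, expand, then flip again so the caller sees the same state.
    static ByteBuffer expandFlippedCorrectly(ByteBuffer flipped, int newCapacity) {
        flipped.compact();         // unread bytes to the front, back to write mode
        ByteBuffer bigger = expand(flipped, newCapacity);
        bigger.flip();             // ready to be written to the channel again
        return bigger;
    }

    // Constructed sample: a flipped buffer holding bytes not yet sent.
    static ByteBuffer pendingRecord() {
        ByteBuffer buf = ByteBuffer.allocate(16);
        buf.put("pending-tls".getBytes(StandardCharsets.US_ASCII));
        buf.flip();
        return buf;
    }

    public static void main(String[] args) {
        ByteBuffer lost = expandFlippedNaively(pendingRecord(), 32);
        ByteBuffer kept = expandFlippedCorrectly(pendingRecord(), 32);
        System.out.println("naive:   remaining=" + lost.remaining());
        System.out.println("correct: remaining=" + kept.remaining() + " data="
                + StandardCharsets.US_ASCII.decode(kept.duplicate()));
    }
}
```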