Posted to dev@tomcat.apache.org by re...@apache.org on 2017/07/07 16:35:26 UTC
svn commit: r1801195 -
/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
Author: remm
Date: Fri Jul 7 16:35:26 2017
New Revision: 1801195
URL: http://svn.apache.org/viewvc?rev=1801195&view=rev
Log:
Fix some bad sync in OpenSSLEngine: any async use of the ssl pointer could cause a crash. It shouldn't happen, as the engine is not directly accessible, but the cost is very low.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1801195&r1=1801194&r2=1801195&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Fri Jul 7 16:35:26 2017
@@ -677,7 +677,10 @@ public final class OpenSSLEngine extends
}
@Override
- public String[] getEnabledCipherSuites() {
+ public synchronized String[] getEnabledCipherSuites() {
+ if (destroyed) {
+ return new String[0];
+ }
String[] enabled = SSL.getCiphers(ssl);
if (enabled == null) {
return new String[0];
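Review bot: The new `if (destroyed)` guard in getEnabledCipherSuites() only keeps the native `ssl` pointer away from `SSL.getCiphers(ssl)` if the code that releases the pointer sets `destroyed` while holding the same monitor; that code is outside this hunk, so the pairing should be confirmed and the invariant written down here. I would add `// ssl is a native pointer: never pass it to SSL.* once destroyed is set (both guarded by this)` above the guard. The empty array returned for a destroyed engine is also indistinguishable from "no ciphers enabled", which the method's Javadoc should mention. The same two points apply to getEnabledProtocols() in the third hunk, and the method body continues past the end of this hunk.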
@@ -693,10 +696,13 @@ public final class OpenSSLEngine extends
}
@Override
- public void setEnabledCipherSuites(String[] cipherSuites) {
+ public synchronized void setEnabledCipherSuites(String[] cipherSuites) {
if (cipherSuites == null) {
throw new IllegalArgumentException(sm.getString("engine.nullCipherSuite"));
}
+ if (destroyed) {
+ return;
+ }
final StringBuilder buf = new StringBuilder();
for (String cipherSuite : cipherSuites) {
if (cipherSuite == null) {
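Review bot: In setEnabledCipherSuites() the added `if (destroyed) { return; }` discards a cipher-suite restriction without any signal, so a caller cannot tell that the configuration was never applied. A destroyed engine presumably cannot carry traffic any more, which would make this harmless, but the reasoning should be stated at the guard: `// Engine already shut down: nothing left to configure, and ssl must not be touched`. setEnabledProtocols() in the fourth hunk has the same silent return and deserves the same comment. The null check still runs before the destroyed check, so argument validation is unchanged on a destroyed engine; the loop body continues outside the hunk.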
@@ -733,7 +739,10 @@ public final class OpenSSLEngine extends
}
@Override
- public String[] getEnabledProtocols() {
+ public synchronized String[] getEnabledProtocols() {
+ if (destroyed) {
+ return new String[0];
+ }
List<String> enabled = new ArrayList<>();
// Seems like there is no way to explicitly disable SSLv2Hello in OpenSSL so it is always enabled
enabled.add(Constants.SSL_PROTO_SSLv2Hello);
@@ -762,11 +771,14 @@ public final class OpenSSLEngine extends
}
@Override
- public void setEnabledProtocols(String[] protocols) {
+ public synchronized void setEnabledProtocols(String[] protocols) {
if (protocols == null) {
// This is correct from the API docs
throw new IllegalArgumentException();
}
+ if (destroyed) {
+ return;
+ }
boolean sslv2 = false;
boolean sslv3 = false;
boolean tlsv1 = false;
@@ -1252,12 +1264,12 @@ public final class OpenSSLEngine extends
@Override
public String getCipherSuite() {
- if (!handshakeFinished) {
- return INVALID_CIPHER;
- }
if (cipher == null) {
String ciphers;
synchronized (OpenSSLEngine.this) {
+ if (!handshakeFinished) {
+ return INVALID_CIPHER;
+ }
if (destroyed) {
return INVALID_CIPHER;
}
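Review bot: Moving the `handshakeFinished` test inside `if (cipher == null)` means it is no longer evaluated once `cipher` has been cached, and the outer `cipher == null` read still happens without the engine lock. If `cipher` is only ever assigned after the handshake completes and is never reset, this matches the old behaviour; the assignment is outside the hunk, so that assumption should be recorded, e.g. `// cipher is only set under the engine lock after handshakeFinished; a stale null just takes the locked path`. If the field is not `volatile`, the comment should also say why the unlocked read is acceptable. The two adjacent guards could be merged into `if (!handshakeFinished || destroyed) { return INVALID_CIPHER; }`. The body of getCipherSuite() continues past the end of the hunk.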