[jira] [Updated] (HTTPCORE-417) Infinite loop in LengthDelimitedEncoder due to negative return from SSLIOSession.writePlain()

[Miles Spielberg (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HTTPCORE-417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Miles Spielberg updated HTTPCORE-417:
-------------------------------------
    Description: 
SSLIOSession.InternalByteChannel.write(ByteBuffer) does not obey the 
WriteableByteChannel contract. In writePlain(), if the channel is closed, -1 is 
returned, but WriteableByteChannel should throw ClosedChannelException in this 
case, and should certainly never return a negative value.

This leads to an infinite loop in LengthDelimitedEncoder.write(). 
AbstractContentEncoder.writeToChannel() returns the -1 from 
SSLIOSession.InternalByteChannel, and this causes remaining to grow without 
bound 
(https://hc.apache.org/httpcomponents-core-4.4.x/httpcore-nio/xref/org/apache/http/impl/nio/codecs/LengthDelimitedEncoder.html#133).

In my application, I see a stack trace similar to the following:

{code}
I/O dispatcher 2 tid=199 [RUNNABLE]
org.apache.http.nio.reactor.ssl.SSLIOSession.access$100(SSLIOSession, 
ByteBuffer) SSLIOSession.java:72
org.apache.http.nio.reactor.ssl.SSLIOSession$InternalByteChannel.write(ByteBuffer)
 SSLIOSession.java:811
org.apache.http.impl.nio.codecs.AbstractContentEncoder.doWriteChunk(ByteBuffer, 
boolean) AbstractContentEncoder.java:173
org.apache.http.impl.nio.codecs.AbstractContentEncoder.doWriteChunk(ByteBuffer, 
int, boolean) AbstractContentEncoder.java:166
org.apache.http.impl.nio.codecs.AbstractContentEncoder.writeToChannel(ByteBuffer,
 int) AbstractContentEncoder.java:140
org.apache.http.impl.nio.codecs.LengthDelimitedEncoder.write(ByteBuffer) 
LengthDelimitedEncoder.java:132
com.box.http.apacheasync.compat.request.ActorSubscriberContentProducer$ContentProducer$.produceContent(ContentEncoder,
 IOControl) ActorSubscriberContentProducer.scala:114
com.box.http.apacheasync.compat.request.RequestConverter$$anon$1.produceContent(ContentEncoder,
 IOControl) RequestConverter.scala:78
org.apache.http.nio.protocol.BasicAsyncRequestProducer.produceContent(ContentEncoder,
 IOControl) BasicAsyncRequestProducer.java:125
org.apache.http.impl.nio.client.MainClientExec.produceContent(InternalState, 
ContentEncoder, IOControl) MainClientExec.java:262
org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.produceContent(ContentEncoder,
 IOControl) DefaultClientExchangeHandlerImpl.java:136
org.apache.http.nio.protocol.HttpAsyncRequestExecutor.outputReady(NHttpClientConnection,
 ContentEncoder) HttpAsyncRequestExecutor.java:229
org.apache.http.impl.nio.DefaultNHttpClientConnection.produceOutput(NHttpClientEventHandler)
 DefaultNHttpClientConnection.java:292
org.apache.http.impl.nio.client.InternalIODispatch.onOutputReady(DefaultNHttpClientConnection)
 InternalIODispatch.java:86
org.apache.http.impl.nio.client.InternalIODispatch.onOutputReady(Object) 
InternalIODispatch.java:39
org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(IOSession) 
AbstractIODispatch.java:154
org.apache.http.impl.nio.reactor.BaseIOReactor.writable(SelectionKey) 
BaseIOReactor.java:190
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(SelectionKey) 
AbstractIOReactor.java:343
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(Set) 
AbstractIOReactor.java:317
org.apache.http.impl.nio.reactor.AbstractIOReactor.execute() 
AbstractIOReactor.java:278
org.apache.http.impl.nio.reactor.BaseIOReactor.execute(IOEventDispatch) 
BaseIOReactor.java:106
org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run() 
AbstractMultiworkerIOReactor.java:590
java.lang.Thread.run() Thread.java:744
{code}

  was:
SSLIOSession.InternalByteChannel.write(ByteBuffer) does not obey the 
WriteableByteChannel contract. In writePlain(), if the channel is closed, -1 is 
returned, but WriteableByteChannel should throw ClosedChannelException in this 
case, and should certainly never return a negative value.

This leads to an infinite loop in LengthDelimitedEncoder.write(). 
AbstractContentEncoder.writeToChannel() returns the -1 from 
SSLIOSession.InternalByteChannel, and this causes remaining to grow without 
bound 
(https://hc.apache.org/httpcomponents-core-4.4.x/httpcore-nio/xref/org/apache/http/impl/nio/codecs/LengthDelimitedEncoder.html#133).

In my application, I see a stack trace similar to the following:

[code]
 I/O dispatcher 2 tid=199 [RUNNABLE]
org.apache.http.nio.reactor.ssl.SSLIOSession.access$100(SSLIOSession, 
ByteBuffer) SSLIOSession.java:72
org.apache.http.nio.reactor.ssl.SSLIOSession$InternalByteChannel.write(ByteBuffer)
 SSLIOSession.java:811
org.apache.http.impl.nio.codecs.AbstractContentEncoder.doWriteChunk(ByteBuffer, 
boolean) AbstractContentEncoder.java:173
org.apache.http.impl.nio.codecs.AbstractContentEncoder.doWriteChunk(ByteBuffer, 
int, boolean) AbstractContentEncoder.java:166
org.apache.http.impl.nio.codecs.AbstractContentEncoder.writeToChannel(ByteBuffer,
 int) AbstractContentEncoder.java:140
org.apache.http.impl.nio.codecs.LengthDelimitedEncoder.write(ByteBuffer) 
LengthDelimitedEncoder.java:132
com.box.http.apacheasync.compat.request.ActorSubscriberContentProducer$ContentProducer$.produceContent(ContentEncoder,
 IOControl) ActorSubscriberContentProducer.scala:114
com.box.http.apacheasync.compat.request.RequestConverter$$anon$1.produceContent(ContentEncoder,
 IOControl) RequestConverter.scala:78
org.apache.http.nio.protocol.BasicAsyncRequestProducer.produceContent(ContentEncoder,
 IOControl) BasicAsyncRequestProducer.java:125
org.apache.http.impl.nio.client.MainClientExec.produceContent(InternalState, 
ContentEncoder, IOControl) MainClientExec.java:262
org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.produceContent(ContentEncoder,
 IOControl) DefaultClientExchangeHandlerImpl.java:136
org.apache.http.nio.protocol.HttpAsyncRequestExecutor.outputReady(NHttpClientConnection,
 ContentEncoder) HttpAsyncRequestExecutor.java:229
org.apache.http.impl.nio.DefaultNHttpClientConnection.produceOutput(NHttpClientEventHandler)
 DefaultNHttpClientConnection.java:292
org.apache.http.impl.nio.client.InternalIODispatch.onOutputReady(DefaultNHttpClientConnection)
 InternalIODispatch.java:86
org.apache.http.impl.nio.client.InternalIODispatch.onOutputReady(Object) 
InternalIODispatch.java:39
org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(IOSession) 
AbstractIODispatch.java:154
org.apache.http.impl.nio.reactor.BaseIOReactor.writable(SelectionKey) 
BaseIOReactor.java:190
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(SelectionKey) 
AbstractIOReactor.java:343
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(Set) 
AbstractIOReactor.java:317
org.apache.http.impl.nio.reactor.AbstractIOReactor.execute() 
AbstractIOReactor.java:278
org.apache.http.impl.nio.reactor.BaseIOReactor.execute(IOEventDispatch) 
BaseIOReactor.java:106
org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run() 
AbstractMultiworkerIOReactor.java:590
java.lang.Thread.run() Thread.java:744
[/code]


> Infinite loop in LengthDelimitedEncoder due to negative return from 
> SSLIOSession.writePlain()
> ---------------------------------------------------------------------------------------------
>
>                 Key: HTTPCORE-417
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-417
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.4.4
>            Reporter: Miles Spielberg
>            Priority: Critical
>
> SSLIOSession.InternalByteChannel.write(ByteBuffer) does not obey the 
> WriteableByteChannel contract. In writePlain(), if the channel is closed, -1 
> is returned, but WriteableByteChannel should throw ClosedChannelException in 
> this case, and should certainly never return a negative value.
> This leads to an infinite loop in LengthDelimitedEncoder.write(). 
> AbstractContentEncoder.writeToChannel() returns the -1 from 
> SSLIOSession.InternalByteChannel, and this causes remaining to grow without 
> bound 
> (https://hc.apache.org/httpcomponents-core-4.4.x/httpcore-nio/xref/org/apache/http/impl/nio/codecs/LengthDelimitedEncoder.html#133).
> In my application, I see a stack trace similar to the following:
> {code}
> I/O dispatcher 2 tid=199 [RUNNABLE]
> org.apache.http.nio.reactor.ssl.SSLIOSession.access$100(SSLIOSession, 
> ByteBuffer) SSLIOSession.java:72
> org.apache.http.nio.reactor.ssl.SSLIOSession$InternalByteChannel.write(ByteBuffer)
>  SSLIOSession.java:811
> org.apache.http.impl.nio.codecs.AbstractContentEncoder.doWriteChunk(ByteBuffer,
>  boolean) AbstractContentEncoder.java:173
> org.apache.http.impl.nio.codecs.AbstractContentEncoder.doWriteChunk(ByteBuffer,
>  int, boolean) AbstractContentEncoder.java:166
> org.apache.http.impl.nio.codecs.AbstractContentEncoder.writeToChannel(ByteBuffer,
>  int) AbstractContentEncoder.java:140
> org.apache.http.impl.nio.codecs.LengthDelimitedEncoder.write(ByteBuffer) 
> LengthDelimitedEncoder.java:132
> com.box.http.apacheasync.compat.request.ActorSubscriberContentProducer$ContentProducer$.produceContent(ContentEncoder,
>  IOControl) ActorSubscriberContentProducer.scala:114
> com.box.http.apacheasync.compat.request.RequestConverter$$anon$1.produceContent(ContentEncoder,
>  IOControl) RequestConverter.scala:78
> org.apache.http.nio.protocol.BasicAsyncRequestProducer.produceContent(ContentEncoder,
>  IOControl) BasicAsyncRequestProducer.java:125
> org.apache.http.impl.nio.client.MainClientExec.produceContent(InternalState, 
> ContentEncoder, IOControl) MainClientExec.java:262
> org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.produceContent(ContentEncoder,
>  IOControl) DefaultClientExchangeHandlerImpl.java:136
> org.apache.http.nio.protocol.HttpAsyncRequestExecutor.outputReady(NHttpClientConnection,
>  ContentEncoder) HttpAsyncRequestExecutor.java:229
> org.apache.http.impl.nio.DefaultNHttpClientConnection.produceOutput(NHttpClientEventHandler)
>  DefaultNHttpClientConnection.java:292
> org.apache.http.impl.nio.client.InternalIODispatch.onOutputReady(DefaultNHttpClientConnection)
>  InternalIODispatch.java:86
> org.apache.http.impl.nio.client.InternalIODispatch.onOutputReady(Object) 
> InternalIODispatch.java:39
> org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(IOSession) 
> AbstractIODispatch.java:154
> org.apache.http.impl.nio.reactor.BaseIOReactor.writable(SelectionKey) 
> BaseIOReactor.java:190
> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(SelectionKey) 
> AbstractIOReactor.java:343
> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(Set) 
> AbstractIOReactor.java:317
> org.apache.http.impl.nio.reactor.AbstractIOReactor.execute() 
> AbstractIOReactor.java:278
> org.apache.http.impl.nio.reactor.BaseIOReactor.execute(IOEventDispatch) 
> BaseIOReactor.java:106
> org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run() 
> AbstractMultiworkerIOReactor.java:590
> java.lang.Thread.run() Thread.java:744
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org