Jason Mathison created HTTPCORE-694:
---------------------------------------
Summary: Endless loop when encrypted buffer larger than plaintext buffer
Key: HTTPCORE-694
URL: https://issues.apache.org/jira/browse/HTTPCORE-694
Project: HttpComponents HttpCore
Issue Type: Bug
Components: HttpCore
Affects Versions: 5.2-alpha1, 5.1.2
Reporter: Jason Mathison
We are having an issue where SSLIOSession::decryptData will effectively become
an endless loop when the size of the inEncryptedBuf buffer is larger than the
size of the inPlainBuf.
In this scenario the doUnwrap completely fills up the inPlainBuf. This causes the

    if (inPlainBuf.hasRemaining())

to return false and never clear anything out of the inPlainBuf buffer.
From what we can tell the
if (inPlainBuf.hasRemaining()) {
This issue shows up when we use BouncyCastle for FIPS validated TLS, along with
an intentionally large response.
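The stall described in the report can be reproduced with plain java.nio buffers. The following is an added example, not HttpCore source and not code from the reporter: fakeUnwrap is a hypothetical stand-in for doUnwrap that performs no TLS, the loop shape and the pass cap are simplifications, and the position() > 0 guard is an assumed alternative used only for comparison.

```java
import java.nio.ByteBuffer;
import java.util.function.Predicate;

// Simplified model of the loop described in the report. Not HttpCore source.
public class DecryptLoopModel {

    // Hypothetical stand-in for doUnwrap: copies as many bytes as fit in dst.
    // No real TLS is performed; one input byte becomes one output byte.
    static void fakeUnwrap(ByteBuffer src, ByteBuffer dst) {
        int n = Math.min(src.remaining(), dst.remaining());
        for (int i = 0; i < n; i++) {
            dst.put(src.get());
        }
    }

    // Runs the loop with the given drain guard. Returns the number of bytes
    // handed to the consumer, or -1 if the pass cap is hit with input pending.
    static int run(Predicate<ByteBuffer> drainGuard, int encSize, int plainSize) {
        ByteBuffer inEncryptedBuf = ByteBuffer.allocate(encSize);
        ByteBuffer inPlainBuf = ByteBuffer.allocate(plainSize);
        inEncryptedBuf.put(new byte[encSize]); // constructed input, buffer full
        int delivered = 0;
        for (int pass = 0; pass < 1000; pass++) { // cap so a stall is observable
            if (inEncryptedBuf.position() == 0) {
                return delivered; // all input consumed
            }
            inEncryptedBuf.flip();
            fakeUnwrap(inEncryptedBuf, inPlainBuf);
            inEncryptedBuf.compact();
            if (drainGuard.test(inPlainBuf)) {
                inPlainBuf.flip();
                delivered += inPlainBuf.remaining(); // consumer reads here
                inPlainBuf.clear();
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Guard from the report: false once the write-mode buffer is full.
        System.out.println("hasRemaining, 64 into 16: " + run(ByteBuffer::hasRemaining, 64, 16));
        // Same guard when the plaintext buffer is the larger one.
        System.out.println("hasRemaining, 16 into 64: " + run(ByteBuffer::hasRemaining, 16, 64));
        // Alternative guard (assumption): drain whenever any bytes were written.
        System.out.println("position > 0, 64 into 16: " + run(b -> b.position() > 0, 64, 16));
    }
}
```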