[
https://issues.apache.org/jira/browse/HTTPCORE-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCORE-694.
----------------------------------------
Resolution: Fixed
Fix committed to master and 5.1.x.
Oleg
> Endless loop when encrypted buffer larger than plaintext buffer
> ---------------------------------------------------------------
>
> Key: HTTPCORE-694
> URL: https://issues.apache.org/jira/browse/HTTPCORE-694
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore
> Affects Versions: 5.1.2, 5.2-alpha1
> Reporter: Jason Mathison
> Priority: Major
> Fix For: 5.1.3, 5.2-alpha3
>
>
> We are having an issue where SSLIOSession::decryptData will effectively
> become an endless loop when the size of the inEncryptedBuf buffer is larger
> than the size of the inPlainBuf.
> In this scenario the doUnwrap completely fills up the inPlainBuf. This
> causes the
> if (inPlainBuf.hasRemaining())
> to return false and never clear anything out of the inPlainBuf buffer.
> From what we can tell the
> if (inPlainBuf.hasRemaining()) {
> should be removed, as it is in error. There is no reason that this buffer
> being full should prevent it from being emptied.
> We verified that removing this code from 5.1.2 resolved the issue we were
> facing, along with all tests continuing to pass. There does not appear to be
> any change to this code in 5.2 alpha.
> This issue shows up when we use BouncyCastle for FIPS validated TLS, as it
> creates a larger inEncryptedBuf than the SUN stack. This issue is completely
> reproducible when we get a large response from our endpoint.
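
The stall described in the report can be reproduced with a simplified model, added here as an illustration; it is not HttpCore source. The class `DecryptLoopModel`, its methods and the buffer sizes are assumptions, and `unwrap` is a stand-in for the real TLS decryption step.

```java
import java.nio.ByteBuffer;

// Added illustration: a simplified model of the loop described in the report,
// not HttpCore source. unwrap() is a stand-in for SSLEngine decryption.
public class DecryptLoopModel {

    // Stand-in for doUnwrap: moves as many bytes as the plaintext buffer can take.
    static int unwrap(ByteBuffer enc, ByteBuffer plain) {
        int n = Math.min(enc.remaining(), plain.remaining());
        for (int i = 0; i < n; i++) {
            plain.put(enc.get());
        }
        return n;
    }

    // Returns the number of passes needed to consume enc, or -1 if the loop
    // was still spinning after maxPasses (the "endless loop" case).
    static int decrypt(ByteBuffer enc, ByteBuffer plain, boolean guardDrain, int maxPasses) {
        int passes = 0;
        while (enc.hasRemaining()) {
            if (++passes > maxPasses) {
                return -1;
            }
            unwrap(enc, plain);
            // Guarded variant: a completely full buffer reports hasRemaining() == false,
            // so it is never handed to the consumer and never cleared.
            if (!guardDrain || plain.hasRemaining()) {
                plain.flip();   // switch to read mode for the consumer
                // a real session would pass the plaintext to the protocol handler here
                plain.clear();  // buffer is empty again for the next unwrap
            }
        }
        return passes;
    }

    // Constructed sample input: a readable buffer holding `size` bytes.
    static ByteBuffer filled(int size) {
        ByteBuffer b = ByteBuffer.allocate(size);
        b.put(new byte[size]);
        b.flip();
        return b;
    }

    public static void main(String[] args) {
        int encSize = 32, plainSize = 16; // constructed sizes: encrypted > plaintext
        System.out.println("guarded:   " + decrypt(filled(encSize), ByteBuffer.allocate(plainSize), true, 1000));
        System.out.println("unguarded: " + decrypt(filled(encSize), ByteBuffer.allocate(plainSize), false, 1000));
    }
}
```

When the plaintext buffer is at least as large as the encrypted one, the guarded variant also terminates in this model, which is consistent with the report that the problem appeared only with the larger encrypted buffer.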