[jira] [Commented] (KAFKA-2534) SSLTransportLayer does not handle buffer overflow correctly

Sun, 04 Oct 2015 09:55:48 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-2534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14942713#comment-14942713
 ] 

Rajini Sivaram commented on KAFKA-2534:
---------------------------------------

The latest commit has removed duplicate code in SSLSelectorTest and uses 
inheritance from SelectorTest to run all selector tests with both plaintext and 
SSL. Added a new test class SSLTransportLayerTest to test SSL-specific code. It 
contains tests for buffer overflow/underflow and various authentication 
options. Will create a new JIRA to add more tests for renegotiation.

> SSLTransportLayer does not handle buffer overflow correctly
> -----------------------------------------------------------
>
>                 Key: KAFKA-2534
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2534
>             Project: Kafka
>          Issue Type: Bug
>          Components: network
>    Affects Versions: 0.9.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>             Fix For: 0.9.0.0
>
>
> There are a couple of issues with the handling of buffer overflow in 
> {{SSLTransportLayer}}.
> # {{netWriteBuffer}} is flipped immediately after {{wrap()}}, leaving the 
> data ready for writing onto the socket channel. If {{netWriteBuffer}} is 
> expanded because {{wrap()}} returns BUFFER_OVERFLOW, the expanded buffer 
> needs to be un-flipped before expansion and flipped afterwards to leave the 
> resulting buffer in the same state. The current implementation does not do 
> this and hence the expanded buffer is not as expected.
> # If {{handshakeUnwrap()}} returns a BUFFER_OVERFLOW because application 
> buffer needs to be expanded, the current implementation expands the buffer 
> and returns from the {{handshake()}} call. Since handshake data was already 
> read from the network, this can result in the handshake never completing if 
> no more data is received on the channel. {{handshakeUnwrap()}} should be 
> invoked after application buffer expansion to process data that has already 
> arrived.
> I will submit a PR with fixes for these along with unit tests which 
> demonstrate these issues. I am not sure it is easy to trigger buffer 
> overflow/underflow in a system test. Since these code paths are currently 
> untested, unit tests which mock these scenarios may be useful.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to