[jira] [Commented] (DIRMINA-637) SSLEngine output buffer seems to be too small

[Dmitry Shohov (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DIRMINA-637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101137#comment-13101137
 ] 

Dmitry Shohov commented on DIRMINA-637:
---------------------------------------

fix provided by Dan Mihai Dumitriu in comment is not working. It expands buffer 
every time when encrypt() method is called. This leads to OOM errors. Must be 
improved before applying in 1.1.8 :)

> SSLEngine output buffer seems to be too small
> ---------------------------------------------
>
>                 Key: DIRMINA-637
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-637
>             Project: MINA
>          Issue Type: Bug
>          Components: Filter
>    Affects Versions: 1.1.1, 1.1.7
>            Reporter: Dan Mihai Dumitriu
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.1.8
>
>
> the code below is in SSLHandler.java.  it makes the assumption that the size 
> of the output will never be larger than 2x the size of the input.  that 
> assumption appears to not hold up.  It looks like this code has been fixed in 
> trunk, but not in 1.1.7.  we only see an error for VERY specific content, 
> i.e. almost never.
>     public void encrypt(ByteBuffer src) throws SSLException {
>         if (!initialHandshakeComplete) {
>             throw new IllegalStateException();
>         }
>         // The data buffer is (must be) empty, we can reuse the entire
>         // buffer.
>         outNetBuffer.clear();
>         // Loop until there is no more data in src
>         while (src.hasRemaining()) {
>             if (src.remaining() > ((outNetBuffer.capacity() - outNetBuffer
>                     .position()) / 2)) {
>                 // We have to expand outNetBuffer
>                 // Note: there is no way to know the exact size required, but 
> enrypted data
>                 // shouln't need to be larger than twice the source data size?
>                 outNetBuffer = SSLByteBufferPool.expandBuffer(outNetBuffer, 
> src
>                         .capacity() * 2);
>                 if (SessionLog.isDebugEnabled(session)) {
>                     SessionLog.debug(session, " expanded outNetBuffer:"
>                             + outNetBuffer);
>                 }
>             }
>             SSLEngineResult result = sslEngine.wrap(src, outNetBuffer);
>             if (SessionLog.isDebugEnabled(session)) {
>                 SessionLog.debug(session, " Wrap res:" + result);
>             }
>             if (result.getStatus() == SSLEngineResult.Status.OK) {
>                 if (result.getHandshakeStatus() == 
> SSLEngineResult.HandshakeStatus.NEED_TASK) {
>                     doTasks();
>                 }
>             } else {
>                 throw new SSLException("SSLEngine error during encrypt: "
>                         + result.getStatus() + " src: " + src
>                         + "outNetBuffer: " + outNetBuffer);
>             }
>         }
>         outNetBuffer.flip();
>     }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira