[jira] [Closed] (DIRMINA-637) SSLEngine output buffer seems to be too small

Fri, 05 Sep 2014 02:38:04 -0700 

     [ 
https://issues.apache.org/jira/browse/DIRMINA-637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny closed DIRMINA-637.
-------------------------------------
    Resolution: Won't Fix

Branch 1.1 is dead.

> SSLEngine output buffer seems to be too small
> ---------------------------------------------
>
>                 Key: DIRMINA-637
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-637
>             Project: MINA
>          Issue Type: Bug
>          Components: Filter
>    Affects Versions: 1.1.1, 1.1.7
>            Reporter: Dan Mihai Dumitriu
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.1.8
>
>         Attachments: ssl-filter.patch
>
>
> the code below is in SSLHandler.java.  it makes the assumption that the size 
> of the output will never be larger than 2x the size of the input.  that 
> assumption appears to not hold up.  It looks like this code has been fixed in 
> trunk, but not in 1.1.7.  we only see an error for VERY specific content, 
> i.e. almost never.
>     public void encrypt(ByteBuffer src) throws SSLException {
>         if (!initialHandshakeComplete) {
>             throw new IllegalStateException();
>         }
>         // The data buffer is (must be) empty, we can reuse the entire
>         // buffer.
>         outNetBuffer.clear();
>         // Loop until there is no more data in src
>         while (src.hasRemaining()) {
>             if (src.remaining() > ((outNetBuffer.capacity() - outNetBuffer
>                     .position()) / 2)) {
>                 // We have to expand outNetBuffer
>                 // Note: there is no way to know the exact size required, but 
> enrypted data
>                 // shouln't need to be larger than twice the source data size?
>                 outNetBuffer = SSLByteBufferPool.expandBuffer(outNetBuffer, 
> src
>                         .capacity() * 2);
>                 if (SessionLog.isDebugEnabled(session)) {
>                     SessionLog.debug(session, " expanded outNetBuffer:"
>                             + outNetBuffer);
>                 }
>             }
>             SSLEngineResult result = sslEngine.wrap(src, outNetBuffer);
>             if (SessionLog.isDebugEnabled(session)) {
>                 SessionLog.debug(session, " Wrap res:" + result);
>             }
>             if (result.getStatus() == SSLEngineResult.Status.OK) {
>                 if (result.getHandshakeStatus() == 
> SSLEngineResult.HandshakeStatus.NEED_TASK) {
>                     doTasks();
>                 }
>             } else {
>                 throw new SSLException("SSLEngine error during encrypt: "
>                         + result.getStatus() + " src: " + src
>                         + "outNetBuffer: " + outNetBuffer);
>             }
>         }
>         outNetBuffer.flip();
>     }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to