[
https://issues.apache.org/jira/browse/DIRMINA-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14644115#comment-14644115
]
Terence Marks commented on DIRMINA-1017:
----------------------------------------
Hey, sorry I skipped a few details.
Ok, I did a tonne of debugging trying to work this out. Essentially, the
SSLEngine has an internal buffer. So whenever you pass in bytes for it to
unwrap, there is a chance that it can't unwrap it as the hash has not yet been
received for the data, so instead it stores it locally and waits for more bytes
to be passed in.
There is one issue though - when it finally receives the hash and attempts to
unwrap the entire frame, it will only return BUFFER_OVERFLOW once if the output
buffer is too small. So essentially this behaviour is the actual problem. If
you give it a buffer which can't fit in the bytes on the second unwrap call, it
will just push whatever bytes it can onto the output buffer and discard the
rest.
Summary: SSLEngine.unwrap() will return BUFFER_OVERFLOW once, but not again if
you give it a buffer which is too small when calling it the next time. This
leads to bytes getting lost (root cause for me debugging this stuff in the
first place).
Please tell me that sort of makes sense lol,
Terence
> SSLEngine BUFFER_OVERFLOW (unwrap)
> ----------------------------------
>
> Key: DIRMINA-1017
> URL: https://issues.apache.org/jira/browse/DIRMINA-1017
> Project: MINA
> Issue Type: Bug
> Components: SSL
> Affects Versions: 2.0.9
> Environment: Android
> Reporter: Terence Marks
> Fix For: 2.0.10
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> I've discovered an issue with the SslHandler class when the unwrap method is
> called on the local SSLEngine member (SslHandler.sslEngine).
> If the returned status is SSLEngineResult.Status.BUFFER_OVERFLOW, the
> capacity of the output buffer (SslHandler.appBuffer) can be increased to a
> size which still may is not large enough for the result.
> I have reproduced this issue consistently by sending a 4k frame over TLS1.2
> to an android device. The frame gets heavily fragmented, sometimes into 6
> frames, and the SSLEngine does not unwrap the frame until all the bytes have
> been received (since the hash is based on the entire frame).
> Since the frame gets heavily fragmented, the last segment of the frame can be
> lower than 2048 bytes. Hence by increasing the capacity by << 1, the output
> buffer will still be under the required size. (Have a look through SslHandler
> source for "appBuffer.capacity(appBuffer.capacity() << 1);")
> Anyway, the fix is really easy. Change the line:
> appBuffer.capacity(appBuffer.capacity() << 1);
> to:
> appBuffer.capacity(sslEngine.getSession().getApplicationBufferSize());
> This is actually in the java docs
> (http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html) for
> the overflow buffer case.
> Hope this helps,
> Terence
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
