On 20/01/16 19:33, Emmanuel Lécharny wrote:
> On 20/01/16 17:01, Radovan Semancik wrote:
>> Hello,
>>
>> Working with Apache Directory API while getting Active Directory
>> schema over SSL uncovered a bug in Mina 2 code. The attempt to read
>> the data ended up in an endless loop caused by consecutive overflows from
>> the SSL engine. What is worse, no indication of this condition was
>> passed to the client. The patch is attached.
>>
> Thanks a lot, Radovan!
>
> I'll apply the patch and cut a release ASAP.
A minor change: we don't need to expand the buffer; it's already at the
max possible size.
...
    int newCapacity = sslEngine.getSession().getApplicationBufferSize();
    if (appBuffer.remaining() >= newCapacity) {
        // The buffer is already larger than the max buffer size
        // suggested by the SSL engine.
        // Raising it any more will not make sense and it will end up
        // in an endless loop. Throwing an error is safer
        throw new SSLException("SSL buffer overflow");
    }
    appBuffer.capacity(newCapacity);
    appBuffer.limit(appBuffer.capacity());
    continue;
...
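
The guard discussed in this thread, as an added stand-alone example that is not part of the original message or of the MINA code base. It assumes a hypothetical `Unwrapper` interface standing in for `SSLEngine.unwrap()`, plain `java.nio.ByteBuffer` in place of MINA's buffer class, growth by reallocation, and a constructed application buffer size.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

public class OverflowGuardDemo {
    /** Hypothetical stand-in for SSLEngine.unwrap(): reports only the result status. */
    interface Unwrapper {
        Status unwrap(ByteBuffer dst);
    }

    /** Unwrap loop with the guard: grow to the advertised size, never spin. */
    static ByteBuffer unwrapAll(Unwrapper engine, ByteBuffer appBuffer, int appBufferSize)
            throws SSLException {
        while (true) {
            Status status = engine.unwrap(appBuffer);
            if (status != Status.BUFFER_OVERFLOW) {
                return appBuffer;
            }
            if (appBuffer.remaining() >= appBufferSize) {
                // Free space already meets the engine's own maximum, so growing
                // again cannot help: fail loudly instead of looping forever.
                throw new SSLException("SSL buffer overflow");
            }
            // Grow so that appBufferSize bytes are free, keeping data already written.
            ByteBuffer bigger = ByteBuffer.allocate(appBuffer.position() + appBufferSize);
            appBuffer.flip();
            bigger.put(appBuffer);
            appBuffer = bigger;
        }
    }

    public static void main(String[] args) throws Exception {
        int appBufferSize = 16 * 1024; // constructed value for getApplicationBufferSize()

        // Constructed engine 1: succeeds once the advertised amount of space is free.
        Unwrapper wellBehaved =
                dst -> dst.remaining() >= appBufferSize ? Status.OK : Status.BUFFER_OVERFLOW;
        ByteBuffer out = unwrapAll(wellBehaved, ByteBuffer.allocate(1024), appBufferSize);
        System.out.println("well-behaved engine: capacity grown to " + out.capacity());

        // Constructed engine 2: reports overflow no matter how much space it is given.
        Unwrapper alwaysOverflows = dst -> Status.BUFFER_OVERFLOW;
        try {
            unwrapAll(alwaysOverflows, ByteBuffer.allocate(1024), appBufferSize);
        } catch (SSLException e) {
            System.out.println("stuck engine: " + e.getMessage());
        }
    }
}
```

Without the `remaining() >= appBufferSize` check, the second engine would keep the loop running indefinitely with no error ever reaching the caller, which is the condition reported at the top of the thread.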