On 20/01/16 19:49, Emmanuel Lécharny wrote:
> On 20/01/16 19:33, Emmanuel Lécharny wrote:
>> On 20/01/16 17:01, Radovan Semancik wrote:
>>> Hello,
>>>
>>> Working with Apache Directory API while getting Active Directory
>>> schema over SSL uncovered a bug in Mina 2 code. The attempt to read
>>> the data ended up in endless loop caused by consecutive overflows from
>>> the SSL engine. What is worse, no indication of this condition was
>>> passed to the client. The patch is attached.
>>>
>> Thanks a lot Radovan !
>>
>> I'll apply the patch and cut a release ASAP.
> A minor change: we don't need to expand the buffer, it's already at the
> max possible size.
>
> ...
>     int newCapacity = sslEngine.getSession().getApplicationBufferSize();
>
>     if (appBuffer.remaining() >= newCapacity) {
>         // The buffer is already larger than the max buffer
>         // size suggested by the SSL engine.
>         // Raising it any more will not make sense and it
>         // will end up in an endless loop. Throwing an error is safer
>         throw new SSLException("SSL buffer overflow");
>     }
>
>     appBuffer.capacity(newCapacity);
>     appBuffer.limit(appBuffer.capacity());
>     continue;
> ...
I was wrong. Radovan's original patch is the right one: the appBuffer
must be expanded.
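
The overflow guard discussed in this thread, written against plain JSSE (`javax.net.ssl.SSLEngine` with `java.nio.ByteBuffer`) rather than MINA's `IoBuffer`. This is an added example, not code from the patch or from MINA; the class and method names are hypothetical, and the handshake is assumed to have completed already.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

/** Added illustration (hypothetical names); plain JSSE, not MINA's own handler. */
public final class BoundedUnwrap {

    /**
     * Decrypts everything currently in {@code net} and returns the (possibly
     * replaced) application buffer, left in write mode.
     * Assumption: the TLS handshake has already completed.
     */
    public static ByteBuffer unwrapAll(SSLEngine engine, ByteBuffer net, ByteBuffer app)
            throws SSLException {
        while (net.hasRemaining()) {
            SSLEngineResult res = engine.unwrap(net, app);
            switch (res.getStatus()) {
            case BUFFER_OVERFLOW: {
                int needed = engine.getSession().getApplicationBufferSize();
                if (app.remaining() >= needed) {
                    // Free space already meets the engine's stated maximum, so
                    // growing again cannot help: fail instead of looping forever.
                    throw new SSLException("SSL buffer overflow");
                }
                // Grow so that `needed` bytes are free, keeping decrypted data.
                ByteBuffer bigger = ByteBuffer.allocate(app.position() + needed);
                app.flip();
                bigger.put(app);
                app = bigger;
                break; // leave the switch and retry unwrap with the larger buffer
            }
            case BUFFER_UNDERFLOW:
                return app; // partial TLS record: caller must read more bytes
            case CLOSED:
                return app; // engine closed for inbound data
            case OK:
                if (res.bytesConsumed() == 0 && res.bytesProduced() == 0) {
                    return app; // no progress made: do not spin on the same input
                }
                break;
            }
        }
        return app;
    }
}
```

After one growth the buffer has exactly `needed` bytes free, so a second consecutive overflow hits the guard and surfaces as an `SSLException` to the caller instead of a silent busy loop.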