Author: markt Date: Mon Sep 19 11:31:35 2016 New Revision: 1761422 URL: http://svn.apache.org/viewvc?rev=1761422&view=rev Log: Fail earlier if the client closes the connection during SNI processing.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1761422&r1=1761421&r2=1761422&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Mon Sep 19 11:31:35 2016 @@ -148,14 +148,19 @@ public class SecureNioChannel extends Ni } /** - * Performs SSL handshake, non blocking, but performs NEED_TASK on the same thread.<br> - * Hence, you should never call this method using your Acceptor thread, as you would slow down - * your system significantly.<br> - * The return for this operation is 0 if the handshake is complete and a positive value if it is not complete. - * In the event of a positive value coming back, reregister the selection key for the return values interestOps. + * Performs SSL handshake, non blocking, but performs NEED_TASK on the same + * thread. Hence, you should never call this method using your Acceptor + * thread, as you would slow down your system significantly. If the return + * value from this method is positive, the selection key should be + * registered interestOps given by the return value. + * * @param read boolean - true if the underlying channel is readable * @param write boolean - true if the underlying channel is writable - * @return int - 0 if hand shake is complete, otherwise it returns a SelectionKey interestOps value + * + * @return 0 if hand shake is complete, -1 if an error (other than an + * IOException) occurred, otherwise it returns a SelectionKey + * interestOps value + * * @throws IOException If an I/O error occurs during the handshake or if the * handshake fails during wrapping or unwrapping */ @@ -254,14 +259,19 @@ public class SecureNioChannel extends Ni * Peeks at the initial network bytes to determine if the SNI extension is * present and, if it is, what host name has been requested. Based on the * provided host name, configure the SSLEngine for this connection. + * + * @return 0 if SNI processing is complete, -1 if an error (other than an + * IOException) occurred, otherwise it returns a SelectionKey + * interestOps value + * + * @throws IOException If an I/O error occurs during the SNI processing */ private int processSNI() throws IOException { // Read some data into the network input buffer so we can peek at it. int bytesRead = sc.read(netInBuffer); if (bytesRead == -1) { - // Reached end of stream before SNI could be processed. Treat this - // as if no SNI was present. - return 0; + // Reached end of stream before SNI could be processed. + return -1; } TLSClientHelloExtractor extractor = new TLSClientHelloExtractor(netInBuffer); Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1761422&r1=1761421&r2=1761422&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Sep 19 11:31:35 2016 @@ -87,6 +87,10 @@ track this. This removes the possibility that blocking the non-container thread could trigger a deadlock. (markt) </add> + <fix> + Fail earlier if the client closes the connection during SNI processing. + (markt) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org