https://bz.apache.org/bugzilla/show_bug.cgi?id=61948

            Bug ID: 61948
           Summary: BufferUnderflowException and IllegalArgumentException
                    in TLSClientHelloExtractor
           Product: Tomcat 9
           Version: 9.0.2
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Util
          Assignee: dev@tomcat.apache.org
          Reporter: kat...@gmail.com
  Target Milestone: -----

I found two similar exceptions in the system journal.

1:22:10 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor doRun
SEVERE: 
java.nio.BufferUnderflowException
at java.base/java.nio.Buffer.nextGetIndex(Buffer.java:634)
at java.base/java.nio.HeapByteBuffer.getChar(HeapByteBuffer.java:299)
at org.apache.tomcat.util.net.TLSClientHelloExtractor.<init>(TLSClientHelloExtractor.java:110)
at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:282)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1353)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:844)

1:22:11 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor doRun
SEVERE: 
java.lang.IllegalArgumentException: newPosition > limit: (34392 > 248)
at java.base/java.nio.Buffer.createPositionException(Buffer.java:313)
at java.base/java.nio.Buffer.position(Buffer.java:288)
at java.base/java.nio.ByteBuffer.position(ByteBuffer.java:1079)
at java.base/java.nio.ByteBuffer.position(ByteBuffer.java:260)
at org.apache.tomcat.util.net.TLSClientHelloExtractor.skipBytes(TLSClientHelloExtractor.java:250)
at org.apache.tomcat.util.net.TLSClientHelloExtractor.<init>(TLSClientHelloExtractor.java:141)
at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:282)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1353)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:844)

It seems that TLSClientHelloExtractor doesn't have enough checks for the sanity
of the received client hello message.
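
Added example, not part of the original report and not Tomcat's code: a ClientHello walker that compares every length field with the bytes actually in the buffer before reading or skipping, so a short or inconsistent message yields a result code instead of the two exceptions in the traces above. The class, enum and method names are hypothetical, the sample bytes are constructed, and a hello fragmented across several records is assumed to be rejected.

```java
import java.nio.ByteBuffer;

public class ClientHelloSanity {                      // hypothetical name
    enum Result { COMPLETE, NEED_MORE_DATA, MALFORMED }

    // Walk one TLS record holding a ClientHello, checking each length field
    // against the bytes actually present before reading or skipping.
    static Result check(ByteBuffer in) {
        ByteBuffer b = in.duplicate();                // caller's position is untouched
        if (b.remaining() < 5) return Result.NEED_MORE_DATA;
        if (b.get() != 22) return Result.MALFORMED;   // record type: handshake
        b.getChar();                                  // record version
        int recordLen = b.getChar();
        if (recordLen > b.remaining()) return Result.NEED_MORE_DATA;
        b.limit(b.position() + recordLen);            // never read past the record
        if (b.remaining() < 4 || b.get() != 1) return Result.MALFORMED; // client_hello
        int helloLen = ((b.get() & 0xFF) << 16) | b.getChar();
        // Assumption: a hello fragmented across records is rejected here.
        if (helloLen > b.remaining()) return Result.MALFORMED;
        b.limit(b.position() + helloLen);
        if (!skip(b, 2 + 32)                          // client version + random
                || !skipVector(b, 1)                  // session id
                || !skipVector(b, 2)                  // cipher suites
                || !skipVector(b, 1)) return Result.MALFORMED; // compression
        if (!b.hasRemaining()) return Result.COMPLETE; // no extensions block
        if (b.remaining() < 2) return Result.MALFORMED;
        return b.getChar() == b.remaining() ? Result.COMPLETE : Result.MALFORMED;
    }

    static boolean skip(ByteBuffer b, int n) {
        if (n > b.remaining()) return false;          // would be newPosition > limit
        b.position(b.position() + n);
        return true;
    }
    static boolean skipVector(ByteBuffer b, int lenBytes) {
        if (b.remaining() < lenBytes) return false;   // would be BufferUnderflowException
        return skip(b, lenBytes == 1 ? (b.get() & 0xFF) : b.getChar());
    }
    public static void main(String[] args) {
        byte[] good = new byte[50];                   // constructed sample, zero random
        byte[] head = {22, 3, 1, 0, 45, 1, 0, 0, 41, 3, 3};
        System.arraycopy(head, 0, good, 0, head.length);
        good[45] = 2; good[47] = 0x2F; good[48] = 1;  // one suite, one compression method
        byte[] bad = good.clone(); bad[43] = (byte) 200; // session id longer than message
        System.out.println(check(ByteBuffer.wrap(good)));        // well-formed hello
        System.out.println(check(ByteBuffer.wrap(good, 0, 20))); // truncated record
        System.out.println(check(ByteBuffer.wrap(bad)));         // inconsistent length
    }
}
```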
