[tomcat] branch master updated: Avoid possible NPE

Tue, 09 Feb 2021 04:19:56 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new eb3dfbf  Avoid possible NPE
eb3dfbf is described below

commit eb3dfbfff450864c558b03e2e4ef3e707b62f85d
Author: remm <r...@apache.org>
AuthorDate: Tue Feb 9 13:19:11 2021 +0100

    Avoid possible NPE
    
    Very early unexpected exceptions could lead to a null sslEngine, nothing
    to do in that case on close. Seen in BZ65131.
---
 java/org/apache/tomcat/util/net/SecureNio2Channel.java | 9 ++++++++-
 java/org/apache/tomcat/util/net/SecureNioChannel.java  | 5 +++++
 webapps/docs/changelog.xml                             | 4 ++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index 611038e..b2d94d1 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -596,8 +596,15 @@ public class SecureNio2Channel extends Nio2Channel  {
      */
     @Override
     public void close() throws IOException {
-        if (closing) return;
+        if (closing) {
+            return;
+        }
         closing = true;
+        if (sslEngine == null) {
+            netOutBuffer.clear();
+            closed = true;
+            return;
+        }
         sslEngine.closeOutbound();
         long timeout = endpoint.getConnectionTimeout();
 
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java 
b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 1ac2061..1f13338 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -525,6 +525,11 @@ public class SecureNioChannel extends NioChannel {
             return;
         }
         closing = true;
+        if (sslEngine == null) {
+            netOutBuffer.clear();
+            closed = true;
+            return;
+        }
         sslEngine.closeOutbound();
 
         if (!flush(netOutBuffer)) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f8057a2..a71b7c8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,10 @@
         <bug>65118</bug>: Fix a potential <code>NullPointerException</code> 
when
         pruning closed HTTP/2 streams from the connection. (markt)
       </fix>
+      <fix>
+        Avoid NullPointerException when a secure channel is closed before the
+        SSL engine was initialized. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to