[tomcat] branch 9.0.x updated: Avoid possible NPE

Tue, 09 Feb 2021 04:29:47 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 1a9b9ac  Avoid possible NPE
1a9b9ac is described below

commit 1a9b9acaa4ac16e9a8de68508eac5a43eb217563
Author: remm <r...@apache.org>
AuthorDate: Tue Feb 9 13:19:11 2021 +0100

    Avoid possible NPE
    
    Very early unexpected exceptions could lead to a null sslEngine, nothing
    to do in that case on close. Seen in BZ65131.
---
 java/org/apache/tomcat/util/net/SecureNio2Channel.java | 9 ++++++++-
 java/org/apache/tomcat/util/net/SecureNioChannel.java  | 5 +++++
 webapps/docs/changelog.xml                             | 4 ++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index 611038e..b2d94d1 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -596,8 +596,15 @@ public class SecureNio2Channel extends Nio2Channel  {
      */
     @Override
     public void close() throws IOException {
-        if (closing) return;
+        if (closing) {
+            return;
+        }
         closing = true;
+        if (sslEngine == null) {
+            netOutBuffer.clear();
+            closed = true;
+            return;
+        }
         sslEngine.closeOutbound();
         long timeout = endpoint.getConnectionTimeout();
 
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java 
b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 0dedafe..bfaaa8f 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -551,6 +551,11 @@ public class SecureNioChannel extends NioChannel {
             return;
         }
         closing = true;
+        if (sslEngine == null) {
+            netOutBuffer.clear();
+            closed = true;
+            return;
+        }
         sslEngine.closeOutbound();
 
         if (!flush(netOutBuffer)) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ac585da..9dbf03a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,10 @@
         <bug>65118</bug>: Fix a potential <code>NullPointerException</code> 
when
         pruning closed HTTP/2 streams from the connection. (markt)
       </fix>
+      <fix>
+        Avoid NullPointerException when a secure channel is closed before the
+        SSL engine was initialized. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to