[tomcat] branch 8.5.x updated: Avoid possible NPE

Tue, 09 Feb 2021 04:30:16 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new e5c1075  Avoid possible NPE
e5c1075 is described below

commit e5c1075e06618b36f89b5cae2c4672222e236e0d
Author: remm <r...@apache.org>
AuthorDate: Tue Feb 9 13:19:11 2021 +0100

    Avoid possible NPE
    
    Very early unexpected exceptions could lead to a null sslEngine, nothing
    to do in that case on close. Seen in BZ65131.
---
 java/org/apache/tomcat/util/net/SecureNio2Channel.java | 9 ++++++++-
 java/org/apache/tomcat/util/net/SecureNioChannel.java  | 5 +++++
 webapps/docs/changelog.xml                             | 4 ++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index 92fe2f0..49768e4 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -596,8 +596,15 @@ public class SecureNio2Channel extends Nio2Channel  {
      */
     @Override
     public void close() throws IOException {
-        if (closing) return;
+        if (closing) {
+            return;
+        }
         closing = true;
+        if (sslEngine == null) {
+            netOutBuffer.clear();
+            closed = true;
+            return;
+        }
         sslEngine.closeOutbound();
         long timeout = endpoint.getConnectionTimeout();
 
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java 
b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index f235ade..a38ec47 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -540,6 +540,11 @@ public class SecureNioChannel extends NioChannel  {
             return;
         }
         closing = true;
+        if (sslEngine == null) {
+            netOutBuffer.clear();
+            closed = true;
+            return;
+        }
         sslEngine.closeOutbound();
 
         if (!flush(netOutBuffer)) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c8a0e2c..f313899 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,10 @@
         <bug>65118</bug>: Fix a potential <code>NullPointerException</code> 
when
         pruning closed HTTP/2 streams from the connection. (markt)
       </fix>
+      <fix>
+        Avoid NullPointerException when a secure channel is closed before the
+        SSL engine was initialized. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to