This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d4b340f Improve robustness
d4b340f is described below
commit d4b340fa8feaf55831f9a59350578f7b6ca048b8
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Mar 3 12:00:46 2021 +0000
Improve robustness
---
java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 6 ++++--
webapps/docs/changelog.xml | 4 ++++
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 84990f3..34ec880 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -17,6 +17,7 @@ engine.ciphersFailure=Failed getting cipher list
engine.emptyCipherSuite=Empty cipher suite
engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
+engine.failedToReadAvailableBytes=There are plain text bytes available to read
but no bytes were read
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <=
offset + length <= srcs.length [{2}])
engine.invalidDestinationBuffersState=The state of the destination buffers
changed concurrently while unwrapping bytes
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 59c1d5f..4700c2a 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -591,8 +591,10 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
throw new SSLException(e);
}
- if (bytesRead == 0) {
- break;
+ if (bytesRead <= 0) {
+ // This should not be possible. pendingApp is positive
+ // therefore the read should have read at least one byte.
+ throw new
IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
}
bytesProduced += bytesRead;
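Review bot: The new `bytesRead <= 0` branch throws an unchecked `IllegalStateException`, while the failure path just above it in the same loop throws `SSLException`. Callers that only catch `SSLException`/`IOException` around this engine call may therefore skip their normal TLS error handling and connection cleanup; those callers are outside the hunk, so this should be confirmed. I would keep the failure inside the declared contract with `throw new SSLException(sm.getString("engine.failedToReadAvailableBytes"));`. It would also help triage of malformed-record cases if the message carried the observed values (for example `pendingApp` and `bytesRead` as `{0}`/`{1}` arguments), which needs a matching change to the new `engine.failedToReadAvailableBytes` string. The comment could also say why the check was widened from `== 0`: a non-positive result presumably must not reach `bytesProduced += bytesRead` or let the loop continue without progress. The enclosing method starts and ends outside the hunk.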
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d4f756f..0ad4971 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -166,6 +166,10 @@
fully cleared, as there could be more than one error present after
an operation (confirmed in the OpenSSL API documentation). (remm)
</fix>
+ <fix>
+ Make handling of OpenSSL read errors more robust when plain text data
is
+ reported to be available to read. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Web applications">