This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new b90d4fc Improve robustness b90d4fc is described below commit b90d4fc1ff44f30e4b3aba622ba6677e3f003822 Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Mar 3 12:00:46 2021 +0000 Improve robustness --- java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 + java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 6 ++++-- webapps/docs/changelog.xml | 4 ++++ 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 84990f3..34ec880 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -17,6 +17,7 @@ engine.ciphersFailure=Failed getting cipher list
 engine.emptyCipherSuite=Empty cipher suite
 engine.engineClosed=Engine is closed
 engine.failedCipherSuite=Failed to enable cipher suite [{0}]
+engine.failedToReadAvailableBytes=There are plain text bytes available to read but no bytes were read
 engine.inboundClose=Inbound closed before receiving peer's close_notify
 engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}])
 engine.invalidDestinationBuffersState=The state of the destination buffers changed concurrently while unwrapping bytes
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 59c1d5f..4700c2a 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -591,8 +591,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 throw new SSLException(e);
 }
- if (bytesRead == 0) {
- break;
+ if (bytesRead <= 0) {
+ // This should not be possible. pendingApp is positive
+ // therefore the read should have read at least one byte.
+ throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
 }
 bytesProduced += bytesRead;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index eca9372..eeca5be 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -159,6 +159,10 @@ fully cleared, as there could be more than one error present after an operation (confirmed in the OpenSSL API documentation). (remm)
 </fix>
+ <fix>
+ Make handling of OpenSSL read errors more robust when plain text data is
+ reported to be available to read. (markt)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Web applications">
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
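Review bot: The new `bytesRead <= 0` branch in OpenSSLEngine.java throws an unchecked `IllegalStateException`, while the `catch` directly above it reports read failures as `SSLException`; because the data being read comes from records supplied by the peer, callers that close the connection on `SSLException` may not treat this path the same way (inferred, the callers are not visible here). Consider `throw new SSLException(sm.getString("engine.failedToReadAvailableBytes"));` so the condition follows the existing TLS failure handling. The comment could also record why the branch no longer uses `break`, for example `// A non-positive read is treated as fatal so that bytesProduced is never reduced by a negative count`, since the old `== 0` test let a negative value reach `bytesProduced += bytesRead`. The enclosing method and its loop start and end outside the hunk.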