OpenSslEngine may use networkBIO after calling shutdown

Motivation: To ensure that all bytes queued in OpenSSL/tcnative internal buffers we invoke SSL_shutdown again to stimulate OpenSSL to write any pending bytes. If this call fails we may call SSL_free and the associated shutdown method to free resources. At this time we may attempt to use the networkBIO which has already been freed and get a NPE. Modifications: - Don't call bioLengthByteBuffer(networkBIO) if we have called shutdown() in ReferenceCountedOpenSslEngine Result: Fixes https://github.com/netty/netty/issues/6466
2017-02-27 19:33:05 -08:00 · 2017-02-27 19:33:05 -08:00 · 417eea8466
commit 417eea8466
parent b372a2f19f
1 changed files with 8 additions and 3 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
@ -34,7 +34,6 @@ import io.netty.util.internal.logging.InternalLoggerFactory;

 import java.nio.ByteBuffer;
 import java.nio.ReadOnlyBufferException;
-import java.security.AlgorithmConstraints;
 import java.security.Principal;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
@ -458,9 +457,11 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
                    // It is possible when the outbound was closed there was not enough room in the non-application
                    // buffers to hold the close_notify. We should keep trying to close until we consume all the data
                    // OpenSSL can give us.
-                    boolean didShutdown = doSSLShutdown();
+                    if (!doSSLShutdown()) {
+                        return newResultMayFinishHandshake(NOT_HANDSHAKING, 0, bytesProduced);
+                    }
                    bytesProduced = bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
-                    return newResultMayFinishHandshake(didShutdown ? NEED_WRAP : NOT_HANDSHAKING, 0, bytesProduced);
+                    return newResultMayFinishHandshake(NEED_WRAP, 0, bytesProduced);
                }

                // Flush any data that may be implicitly generated by OpenSSL (handshake, close, etc..).
@ -1023,6 +1024,10 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
        }
    }

+    /**
+     * Attempt to call {@link SSL#shutdownSSL(long)}.
+     * @return {@code false} if the call to {@link SSL#shutdownSSL(long)} was not attempted or returned an error.
+     */
    private boolean doSSLShutdown() {
        if (SSL.isInInit(ssl) != 0) {
            // Only try to call SSL_shutdown if we are not in the init state anymore.