From 5cd8133477aa87445fe4277550094237fd2585ed Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Thu, 19 Jan 2017 12:12:17 +0100 Subject: [PATCH] Add unit test that shows we correctly return BUFFER_UNDERFLOW Motivation: We should test that we correctly return BUFFER_UNDERFLOW if the src buffer not contains enough data to unwrap it. Modification: Add unit test to verify behaviour. Result: Better test coverrage of SSLEngine implementations. --- .../io/netty/handler/ssl/SSLEngineTest.java | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java index cfb4829204..e0d9976115 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java @@ -1694,4 +1694,76 @@ public abstract class SSLEngineTest { cleanupServerSslEngine(server); } } + + @Test + public void testBufferUnderFlow() throws Exception { + SelfSignedCertificate cert = new SelfSignedCertificate(); + + clientSslCtx = SslContextBuilder + .forClient() + .trustManager(cert.cert()) + .sslProvider(sslClientProvider()) + .build(); + SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); + + serverSslCtx = SslContextBuilder + .forServer(cert.certificate(), cert.privateKey()) + .sslProvider(sslServerProvider()) + .build(); + SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); + + try { + ByteBuffer plainClient = allocateBuffer(1024); + plainClient.limit(plainClient.capacity()); + + ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); + ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize()); + + handshake(client, server); + + SSLEngineResult result = client.wrap(plainClient, encClientToServer); + assertEquals(SSLEngineResult.Status.OK, result.getStatus()); + assertEquals(result.bytesConsumed(), plainClient.capacity()); + + // Flip so we can read it. + encClientToServer.flip(); + int remaining = encClientToServer.remaining(); + + // We limit the buffer so we have less then the header to read, this should result in an BUFFER_UNDERFLOW. + encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH - 1); + result = server.unwrap(encClientToServer, plainServer); + assertResultIsBufferUnderflow(result); + + // We limit the buffer so we can read the header but not the rest, this should result in an + // BUFFER_UNDERFLOW. + encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH); + result = server.unwrap(encClientToServer, plainServer); + assertResultIsBufferUnderflow(result); + + // We limit the buffer so we can read the header and partly the rest, this should result in an + // BUFFER_UNDERFLOW. + encClientToServer.limit( + SslUtils.SSL_RECORD_HEADER_LENGTH + remaining - 1 - SslUtils.SSL_RECORD_HEADER_LENGTH); + result = server.unwrap(encClientToServer, plainServer); + assertResultIsBufferUnderflow(result); + + // Reset limit so we can read the full record. + encClientToServer.limit(remaining); + + result = server.unwrap(encClientToServer, plainServer); + assertEquals(SSLEngineResult.Status.OK, result.getStatus()); + assertEquals(result.bytesConsumed(), remaining); + assertTrue(result.bytesProduced() > 0); + } finally { + cert.delete(); + cleanupClientSslEngine(client); + cleanupServerSslEngine(server); + } + } + + private static void assertResultIsBufferUnderflow(SSLEngineResult result) { + assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, result.getStatus()); + assertEquals(0, result.bytesConsumed()); + assertEquals(0, result.bytesProduced()); + } }