From 92b786e2f33a44f16be224305fe4fb716422b14a Mon Sep 17 00:00:00 2001
From: Norman Maurer <norman_maurer@apple.com>
Date: Tue, 24 Oct 2017 14:19:32 +0200
Subject: [PATCH] Fix possible leak in SslHandler if wrap(...) throws.

Motivation:

We can end up with a buffer leak if SSLEngine.wrap(...) throws.

Modifications:

Correctly release the ByteBuf if SSLEngine.wrap(...) throws.

Result:

Fixes [#7337].
---
 .../src/main/java/io/netty/handler/ssl/SslHandler.java   | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
index c3920e68c4..444ba2f4b4 100644
--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
@@ -742,13 +742,14 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
         ChannelPromise promise = null;
         ByteBufAllocator alloc = ctx.alloc();
         boolean needUnwrap = false;
+        ByteBuf buf = null;
         try {
             final int wrapDataSize = this.wrapDataSize;
             // Only continue to loop if the handler was not removed in the meantime.
             // See https://github.com/netty/netty/issues/5860
             while (!ctx.isRemoved()) {
                 promise = ctx.newPromise();
-                ByteBuf buf = wrapDataSize > 0 ?
+                buf = wrapDataSize > 0 ?
                         pendingUnencryptedWrites.remove(alloc, wrapDataSize, promise) :
                         pendingUnencryptedWrites.removeFirst(promise);
                 if (buf == null) {
@@ -763,6 +764,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
 
                 if (result.getStatus() == Status.CLOSED) {
                     buf.release();
+                    buf = null;
                     promise.tryFailure(SSLENGINE_CLOSED);
                     promise = null;
                     // SSLEngine has been closed already.
@@ -775,6 +777,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
                     } else {
                         buf.release();
                     }
+                    buf = null;
 
                     switch (result.getHandshakeStatus()) {
                         case NEED_TASK:
@@ -801,6 +804,10 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
                 }
             }
         } finally {
+            // Ownership of buffer was not transferred, release it.
+            if (buf != null) {
+                buf.release();
+            }
             finishWrap(ctx, out, promise, inUnwrap, needUnwrap);
         }
     }