andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Only parse packet length once per packet. See #382

Browse Source
This commit is contained in:
norman 2012-06-06 08:20:30 +02:00
parent f759d30538
commit a56ea06e58
1 changed files with 64 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
handler/src/main/java/io/netty/handler/ssl/SslHandler.java
View File

@ -166,7 +166,6 @@ public class SslHandler extends StreamToStreamCodec {
private final SslBufferPool bufferPool; private final SslBufferPool bufferPool;
private final Executor delegatedTaskExecutor; private final Executor delegatedTaskExecutor;
// TODO: Fix STARTTLS
private final boolean startTls; private final boolean startTls;
private boolean sentFirstMessage; private boolean sentFirstMessage;
@ -183,6 +182,8 @@ public class SslHandler extends StreamToStreamCodec {
private volatile boolean issueHandshake; private volatile boolean issueHandshake;
private final SSLEngineInboundCloseFuture sslEngineCloseFuture = new SSLEngineInboundCloseFuture(); private final SSLEngineInboundCloseFuture sslEngineCloseFuture = new SSLEngineInboundCloseFuture();
private int packetLength = -1;
/** /**
* Creates a new instance. * Creates a new instance.
@ -610,82 +611,79 @@ public class SslHandler extends StreamToStreamCodec {
@Override @Override
public void decode(ChannelInboundHandlerContext<Byte> ctx, ChannelBuffer in, ChannelBuffer out) throws Exception { public void decode(ChannelInboundHandlerContext<Byte> ctx, ChannelBuffer in, ChannelBuffer out) throws Exception {
if (in.readableBytes() < 5) {
return;
}
in.markReaderIndex();
// check if the packet lenght was read before
int packetLength = 0; if (packetLength == -1) {
if (in.readableBytes() < 5) {
return;
}
// SSLv3 or TLS - Check ContentType
boolean tls;
switch (in.getUnsignedByte(in.readerIndex())) {
case 20: // change_cipher_spec
case 21: // alert
case 22: // handshake
case 23: // application_data
tls = true;
break;
default:
// SSLv2 or bad data
tls = false;
}
// SSLv3 or TLS - Check ContentType if (tls) {
boolean tls; // SSLv3 or TLS - Check ProtocolVersion
switch (in.getUnsignedByte(in.readerIndex())) { int majorVersion = in.getUnsignedByte(in.readerIndex() + 1);
case 20: // change_cipher_spec if (majorVersion == 3) {
case 21: // alert // SSLv3 or TLS
case 22: // handshake packetLength = (getShort(in, in.readerIndex() + 3) & 0xFFFF) + 5;
case 23: // application_data if (packetLength <= 5) {
tls = true; // Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data)
break; tls = false;
default: }
// SSLv2 or bad data } else {
tls = false;
}
if (tls) {
// SSLv3 or TLS - Check ProtocolVersion
int majorVersion = in.getUnsignedByte(in.readerIndex() + 1);
if (majorVersion == 3) {
// SSLv3 or TLS
packetLength = (getShort(in, in.readerIndex() + 3) & 0xFFFF) + 5;
if (packetLength <= 5) {
// Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data) // Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data)
tls = false; tls = false;
} }
} else {
// Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data)
tls = false;
} }
}
if (!tls) { if (!tls) {
// SSLv2 or bad data - Check the version // SSLv2 or bad data - Check the version
boolean sslv2 = true; boolean sslv2 = true;
int headerLength = (in.getUnsignedByte( int headerLength = (in.getUnsignedByte(
in.readerIndex()) & 0x80) != 0 ? 2 : 3; in.readerIndex()) & 0x80) != 0 ? 2 : 3;
int majorVersion = in.getUnsignedByte( int majorVersion = in.getUnsignedByte(
in.readerIndex() + headerLength + 1); in.readerIndex() + headerLength + 1);
if (majorVersion == 2 || majorVersion == 3) { if (majorVersion == 2 || majorVersion == 3) {
// SSLv2 // SSLv2
if (headerLength == 2) { if (headerLength == 2) {
packetLength = (getShort(in, in.readerIndex()) & 0x7FFF) + 2; packetLength = (getShort(in, in.readerIndex()) & 0x7FFF) + 2;
} else {
packetLength = (getShort(in, in.readerIndex()) & 0x3FFF) + 3;
}
if (packetLength <= headerLength) {
sslv2 = false;
}
} else { } else {
packetLength = (getShort(in, in.readerIndex()) & 0x3FFF) + 3;
}
if (packetLength <= headerLength) {
sslv2 = false; sslv2 = false;
} }
} else {
sslv2 = false;
}
if (!sslv2) { if (!sslv2) {
// Bad data - discard the buffer and raise an exception. // Bad data - discard the buffer and raise an exception.
SSLException e = new SSLException( SSLException e = new SSLException(
"not an SSL/TLS record: " + ChannelBuffers.hexDump(in)); "not an SSL/TLS record: " + ChannelBuffers.hexDump(in));
in.skipBytes(in.readableBytes()); in.skipBytes(in.readableBytes());
throw e; throw e;
}
} }
assert packetLength > 0;
} }
assert packetLength > 0;
if (in.readableBytes() < packetLength) { if (in.readableBytes() < packetLength) {
// not enough bytes so reset the reader index and return // not enough bytes left to read the packet
// // so return here for now
// TODO: store the parsed packetlength and reuse it. This will safe us from re-parse it
in.resetReaderIndex();
return; return;
} }
@ -705,7 +703,12 @@ public class SslHandler extends StreamToStreamCodec {
// before calling the user code. // before calling the user code.
final int packetOffset = in.readerIndex(); final int packetOffset = in.readerIndex();
in.skipBytes(packetLength); in.skipBytes(packetLength);
unwrap(ctx, ctx.channel(), in, packetOffset, packetLength, out); try {
unwrap(ctx, ctx.channel(), in, packetOffset, packetLength, out);
} finally {
// reset packet length
packetLength = -1;
}
} }
/** /**