andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[#829] Fix a race in SslHandler which could lead to all types of SSLExceptions, including handshake() failures

Browse Source
This commit is contained in:
Norman Maurer 2012-12-17 13:52:02 +01:00
parent 44938973b4
commit e784a773f7
1 changed files with 108 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
View File

@ -54,7 +54,6 @@ import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import static org.jboss.netty.channel.Channels.*; import static org.jboss.netty.channel.Channels.*;
import static org.jboss.netty.channel.Channels.fireExceptionCaught;
/** /**
* Adds <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security">SSL * Adds <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security">SSL
@ -870,11 +869,10 @@ public class SslHandler extends FrameDecoder
channel.getRemoteAddress())); channel.getRemoteAddress()));
offered = true; offered = true;
} else { } else {
synchronized (handshakeLock) {
SSLEngineResult result = null; SSLEngineResult result = null;
try { try {
synchronized (handshakeLock) {
result = engine.wrap(outAppBuf, outNetBuf); result = engine.wrap(outAppBuf, outNetBuf);
}
} finally { } finally {
if (!outAppBuf.hasRemaining()) { if (!outAppBuf.hasRemaining()) {
pendingUnencryptedWrites.remove(); pendingUnencryptedWrites.remove();
@ -945,6 +943,7 @@ public class SslHandler extends FrameDecoder
} }
} }
} }
}
} catch (SSLException e) { } catch (SSLException e) {
success = false; success = false;
setHandshakeFailure(channel, e); setHandshakeFailure(channel, e);
@ -1125,7 +1124,6 @@ public class SslHandler extends FrameDecoder
synchronized (handshakeLock) { synchronized (handshakeLock) {
result = engine.unwrap(inNetBuf, outAppBuf); result = engine.unwrap(inNetBuf, outAppBuf);
}
// notify about the CLOSED state of the SSLEngine. See #137 // notify about the CLOSED state of the SSLEngine. See #137
if (result.getStatus() == Status.CLOSED) { if (result.getStatus() == Status.CLOSED) {
@ -1174,7 +1172,7 @@ public class SslHandler extends FrameDecoder
wrap(ctx, channel); wrap(ctx, channel);
} }
} }
}
outAppBuf.flip(); outAppBuf.flip();
if (outAppBuf.hasRemaining()) { if (outAppBuf.hasRemaining()) {