Limit the maximum size of the allocated outbound buffer to MAX_ENCRYPTED_PACKET_LENGTH

Motivation:

We should limit the size of the allocated outbound buffer to MAX_ENCRYPTED_PACKET_LENGTH to ensure we do not cause an OOME when the user tries to encrypt a very big buffer.

Modifications:

Limit the size of the allocated outbound buffer to MAX_ENCRYPTED_PACKET_LENGTH

Result:

Fixes [#6564]
Norman Maurer 2017-03-25 17:14:53 -07:00
parent 40bead56c4
commit ed1071d327
2 changed files with 9 additions and 2 deletions


@ -1611,7 +1611,8 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
}
static int calculateOutNetBufSize(int pendingBytes, int numComponents) {
return (int) min(Integer.MAX_VALUE, pendingBytes + (long) MAX_TLS_RECORD_OVERHEAD_LENGTH * numComponents);
return (int) min(MAX_ENCRYPTED_PACKET_LENGTH,
pendingBytes + (long) MAX_TLS_RECORD_OVERHEAD_LENGTH * numComponents);
}
private final class OpenSslSession implements SSLSession, ApplicationProtocolAccessor {
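Review bot: With the cap in `calculateOutNetBufSize`, the returned size can now be smaller than `pendingBytes` plus the per-record overhead, so code that allocates from it can no longer assume a single wrap consumes all the pending input. The callers are outside this hunk, so it is worth confirming that they handle a partial wrap or a buffer-overflow result by looping rather than dropping or truncating data. The method also has no comment stating this contract; I would add above it `/** Returns the outbound buffer size for pendingBytes spread over numComponents buffers, capped at MAX_ENCRYPTED_PACKET_LENGTH; the result may be too small to encrypt all pendingBytes in one wrap. */`.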


@ -318,7 +318,7 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test
public void testCalculateOutNetBufSizeOverflow() {
assertEquals(MAX_VALUE,
assertEquals(MAX_ENCRYPTED_PACKET_LENGTH,
ReferenceCountedOpenSslEngine.calculateOutNetBufSize(MAX_VALUE, 1));
}
@ -328,6 +328,12 @@ public class OpenSslEngineTest extends SSLEngineTest {
ReferenceCountedOpenSslEngine.calculateOutNetBufSize(0, 1));
}
@Test
public void testCalculateOutNetBufSizeMaxEncryptedPacketLength() {
assertEquals(MAX_ENCRYPTED_PACKET_LENGTH,
ReferenceCountedOpenSslEngine.calculateOutNetBufSize(MAX_ENCRYPTED_PACKET_LENGTH + 1, 2));
}
@Override
protected void mySetupMutualAuthServerInitSslHandler(SslHandler handler) {
ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) handler.engine();
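Review bot: The new `testCalculateOutNetBufSizeMaxEncryptedPacketLength` only feeds an input that is already above the cap, so nothing pins the value just below it, where the result should still be the exact sum rather than the clamp. A boundary case would close that gap, for example `assertEquals(MAX_ENCRYPTED_PACKET_LENGTH - 1, ReferenceCountedOpenSslEngine.calculateOutNetBufSize(MAX_ENCRYPTED_PACKET_LENGTH - MAX_TLS_RECORD_OVERHEAD_LENGTH - 1, 1));`, assuming the overhead constant is accessible from the test class. The trailing context method `mySetupMutualAuthServerInitSslHandler` continues outside the hunk and is not part of this point.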