Hugues Bruant 1fb6c7e115 Fix overzealous assertion in SslHandler.decode
Motivation:

This AE was seen in the wild at a non-negligible rate among AeroFS
clients (JDK 8, TLS 1.2, mutual auth with RSA certs).

Upon examination of SslHandler's code a few things became apparent:

- the AE is unnecessary given the contract of decode()
- the AE was introduced between 3.8 and 3.9
- the AE is no longer present in 4.x and master
- branches that do not have the AE skip all the bytes being fed to
  unwrap()

It is not entirely clear what sequence of SSL records can trip the
assert but it seems to happen before the handshake is completed. The
little detailed data we've been able to gather shows the assert being
triggered when

- SSLEngine.unwrap returns NEED_WRAP
- the remaining buffer is a TLS heartbeat record

Likewise, it is not entirely clear if skipping the remaining bytes is
the right thing to do or if they should be fed back to unwrap.

Modifications:

Mirror behavior in newer versions by removing the assert and skipping
bytes fed to unwrap()

Add logging in an effort to get a better understanding of this corner
case.

Result:

Avoid crashes
2015-04-15 15:41:31 +09:00
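
The commit message above reports leftover bytes that turned out to be a TLS heartbeat record. The following is an added example, not part of the commit or of Netty's code, showing one way to summarise the TLS record headers in such a leftover buffer for logging. The class and method names and the sample bytes are assumptions constructed for illustration, and it uses `java.nio.ByteBuffer` rather than Netty's own buffer type.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class LeftoverTlsRecords {
    // TLS record content types (RFC 5246; heartbeat is from RFC 6520).
    static String typeName(int type) {
        switch (type) {
            case 20: return "change_cipher_spec";
            case 21: return "alert";
            case 22: return "handshake";
            case 23: return "application_data";
            case 24: return "heartbeat";
            default: return "unknown(" + type + ")";
        }
    }

    /** Describes each TLS record header found in buf without consuming buf. */
    static List<String> describe(ByteBuffer buf) {
        ByteBuffer b = buf.duplicate();   // independent position; caller's buffer is untouched
        List<String> out = new ArrayList<String>();
        while (b.remaining() >= 5) {      // record header: type(1) version(2) length(2)
            int type = b.get() & 0xFF;
            int major = b.get() & 0xFF;
            int minor = b.get() & 0xFF;
            int len = b.getShort() & 0xFFFF;   // big-endian, ByteBuffer's default order
            boolean truncated = len > b.remaining();
            out.add(typeName(type) + " v" + major + "." + minor + " len=" + len
                    + (truncated ? " (truncated)" : ""));
            if (truncated) {
                return out;               // the rest of this record has not arrived yet
            }
            b.position(b.position() + len);    // skip the payload; only headers are logged
        }
        if (b.hasRemaining()) {
            out.add(b.remaining() + " trailing byte(s), too short for a record header");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a 3-byte heartbeat record, then a cut-off handshake record.
        byte[] sample = {24, 3, 3, 0, 3, 1, 0, 0, 22, 3, 3, 0, 16, 1, 2};
        for (String line : describe(ByteBuffer.wrap(sample))) {
            System.out.println(line);
        }
    }
}
```

Logging only the header fields keeps record payloads, which may be plaintext before the handshake completes, out of the logs.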
license Provide convenient universal API to enable SSL/TLS 2014-05-17 19:40:48 +09:00
src Fix overzealous assertion in SslHandler.decode 2015-04-15 15:41:31 +09:00
.fbfilter.xml Update license headers 2012-06-04 13:35:22 -07:00
.fbprefs Updated Find Bugs configuration 2009-03-04 10:33:09 +00:00
.gitignore Add JVM crash logs to .gitignore 2014-05-18 21:39:00 +09:00
CONTRIBUTING.md Move the pull request guide to the developer guide 2014-03-12 13:18:38 +09:00
LICENSE.txt Relicensed to Apache License v2 2009-08-28 07:15:49 +00:00
NOTICE.txt Provide convenient universal API to enable SSL/TLS 2014-05-17 19:40:48 +09:00
pom.xml [maven-release-plugin] prepare for next development iteration 2014-12-17 13:07:25 +09:00
README.md Add README.md 2014-01-16 14:40:07 +09:00
run-example.sh Use a forked exec-maven-plugin instead of maven-antrun-plugin 2014-05-23 20:09:15 +09:00

Netty Project

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

How to build

For the detailed information about building and developing Netty, please visit the developer guide. This page only gives very basic information.

You require the following to build Netty:

Note that this is a build-time requirement. JDK 5 (for 3.x) or 6 (for 4.0+) is enough to run your Netty-based application.

Branches to look at

The 'master' branch is where development of the latest major version takes place. Development of every other version takes place in a branch whose name has the form <majorVersion>.<minorVersion>. For example, the development of 3.9 and 4.0 resides in the branch '3.9' and the branch '4.0' respectively.