Go to file
Scott Mitchell 53fc693901 SslHandler and OpenSslEngine miscalculation of wrap destination buffer size
Motivation:
When we do a wrap operation we calculate the maximum size of the destination buffer ahead of time, and return a BUFFER_OVERFLOW exception if the destination buffer is not big enough. However if there is a CompositeByteBuf the wrap operation may consist of multiple ByteBuffers and each incurs its own overhead during the encryption. We currently don't account for the overhead required for encryption if there are multiple ByteBuffers and we assume the overhead will only apply once to the entire input size. If there is not enough room to write an entire encrypted packed into the BIO SSL_write will return -1 despite having actually written content to the BIO. We then attempt to retry the write with a bigger buffer, but because SSL_write is stateful the remaining bytes from the previous operation are put into the BIO. This results in sending the second half of the encrypted data being sent to the peer which is not of proper format and the peer will be confused and ultimately not get the expected data (which may result in a fatal error). In this case because SSL_write returns -1 we have no way to know how many bytes were actually consumed and so the best we can do is ensure that we always allocate a destination buffer with enough space so we are guaranteed to complete the write operation synchronously.

Modifications:
- SslHandler#allocateNetBuf should take into account how many ByteBuffers will be wrapped and apply the encryption overhead for each
- Include the TLS header length in the overhead computation

Result:
Fixes https://github.com/netty/netty/issues/6481
2017-03-06 08:15:13 -08:00
.github Use GitHub Issue/PR Template Feature 2016-12-07 11:40:26 -08:00
all Missing release modules in netty-all project 2017-02-20 13:44:36 +01:00
bom Add a 'bill of materials' project for Maven users 2017-03-01 10:50:57 +01:00
buffer Correct usages of internalNioBuffer 2017-03-02 12:51:22 -08:00
codec Lz4FrameEncoder incorrect usage of internalNioBuffer 2017-03-02 12:50:40 -08:00
codec-dns Prefer JDK ThreadLocalRandom implementation over ours. 2017-02-16 15:44:00 -08:00
codec-haproxy [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
codec-http Correctly build socketaddress string, followup of 8b2badf44f 2017-03-01 20:05:20 +01:00
codec-http2 HTTP/2 move internal HPACK classes to the http2 package 2017-03-02 07:42:41 -08:00
codec-memcache [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
codec-mqtt Introduced MqttMessageBuilders to fluently create MQTT messages 2017-02-19 13:39:59 +01:00
codec-redis Adding 'final' keyword for private fields where possible 2017-02-14 08:29:15 +01:00
codec-smtp [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
codec-socks [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
codec-stomp [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
codec-xml Fix some warnings at generics usage 2017-02-22 07:29:59 +01:00
common Correctly build socketaddress string, followup of 8b2badf44f 2017-03-01 20:05:20 +01:00
example Make methods 'static' where it missed 2017-02-23 11:01:57 +01:00
handler SslHandler and OpenSslEngine miscalculation of wrap destination buffer size 2017-03-06 08:15:13 -08:00
handler-proxy Make netty build work on Java9 2017-02-16 20:26:30 +01:00
license added support for Protobuf codec nano runtime 2016-01-19 21:39:17 +01:00
microbench HTTP/2 move internal HPACK classes to the http2 package 2017-03-02 07:42:41 -08:00
resolver Fix some warnings at generics usage 2017-02-22 07:29:59 +01:00
resolver-dns Prefer JDK ThreadLocalRandom implementation over ours. 2017-02-16 15:44:00 -08:00
tarball [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
testsuite Make methods 'static' where it missed 2017-02-23 11:01:57 +01:00
testsuite-autobahn Move AutobahnTestsuite to extra module 2017-02-21 10:13:31 +01:00
testsuite-osgi Make netty build work on Java9 2017-02-16 20:26:30 +01:00
transport Correct usages of internalNioBuffer 2017-03-02 12:51:22 -08:00
transport-native-epoll Cleanup EPOLL native exceptions 2017-03-01 05:42:48 -08:00
transport-rxtx [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
transport-sctp [maven-release-plugin] prepare for next development iteration 2017-01-30 15:14:02 +01:00
transport-udt Remove annotation from package-info.java as IDEA not like it, cleanup of 4734ef61a5 2017-03-01 21:06:59 +01:00
.fbprefs Updated Find Bugs configuration 2009-03-04 10:33:09 +00:00
.gitignore Use shaded dependency on JCTools instead of copy and paste 2016-06-10 13:19:45 +02:00
.travis.yml Travis CI branch whitelisting 2013-03-11 09:55:43 +09:00
CONTRIBUTING.md Move the pull request guide to the developer guide 2014-03-12 13:13:58 +09:00
LICENSE.txt Relicensed to Apache License v2 2009-08-28 07:15:49 +00:00
NOTICE.txt added support for Protobuf codec nano runtime 2016-01-19 21:39:17 +01:00
pom.xml Update to netty-tcnative 2.0.0.Beta7 2017-03-03 17:58:43 +01:00
README.md Updating Branches to look section to match the current branching structure of the project 2016-03-10 22:08:01 +01:00
run-example.sh Add an example client for codec-redis 2016-04-23 11:18:12 -07:00

Netty Project

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

How to build

For the detailed information about building and developing Netty, please visit the developer guide. This page only gives very basic information.

You require the following to build Netty:

Note that this is build-time requirement. JDK 5 (for 3.x) or 6 (for 4.0+) is enough to run your Netty-based application.

Branches to look

Development of all versions takes place in each branch whose name is identical to <majorVersion>.<minorVersion>. For example, the development of 3.9 and 4.0 resides in the branch '3.9' and the branch '4.0' respectively.