Skip to content

Commit

Permalink
Improve robustness
Browse files Browse the repository at this point in the history
  • Loading branch information
markt-asf committed Mar 3, 2021
1 parent 63300af commit 34115fb
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ engine.ciphersFailure=Failed getting cipher list
engine.emptyCipherSuite=Empty cipher suite
engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
engine.failedToReadAvailableBytes=There are plain text bytes available to read but no bytes were read
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}])
engine.invalidDestinationBuffersState=The state of the destination buffers changed concurrently while unwrapping bytes
Expand Down
6 changes: 4 additions & 2 deletions java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
Original file line number Diff line number Diff line change
Expand Up @@ -591,8 +591,10 @@ public synchronized SSLEngineResult unwrap(final ByteBuffer src, final ByteBuffe
throw new SSLException(e);
}

if (bytesRead == 0) {
break;
if (bytesRead <= 0) {
// This should not be possible. pendingApp is positive
// therefore the read should have read at least one byte.
throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
}

bytesProduced += bytesRead;
Expand Down
4 changes: 4 additions & 0 deletions webapps/docs/changelog.xml
Original file line number Diff line number Diff line change
Expand Up @@ -185,6 +185,10 @@
fully cleared, as there could be more than one error present after
an operation (confirmed in the OpenSSL API documentation). (remm)
</fix>
<fix>
Make handling of OpenSSL read errors more robust when plain text data is
reported to be available to read. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Web applications">
Expand Down

0 comments on commit 34115fb

Please sign in to comment.