jetty/CVE-2021-28165-1.patch

From 00d379c94ba865dced2025c2d1bc3e2e0e41e880 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Date: Thu, 18 Mar 2021 08:08:55 -0500
Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data
 length > 17408.

Avoid spinning if the input buffer is full.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
---
 .../main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
index bc2431d..b2482e7 100644
--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -603,7 +603,13 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
 
                                 case BUFFER_UNDERFLOW:
                                     if (net_filled > 0)
-                                        continue; // try filling some more
+                                    {
+                                        if (BufferUtil.space(_encryptedInput) > 0)
+                                            continue; // try filling some more
+                                        BufferUtil.clear(_encryptedInput);
+                                        throw new SSLHandshakeException("Encrypted buffer max length exceeded");
+                                    }
+
                                     _underflown = true;
                                     if (net_filled < 0 && _sslEngine.getUseClientMode())
                                     {
-- 
2.23.0