From bc8e2e6a37922cd15ef39e7e9c194b0dcbea8aa6 Mon Sep 17 00:00:00 2001
From: Marco Fargetta
Date: Thu, 25 May 2023 18:22:21 +0200
Subject: [PATCH] Fix OoM in JSSEngineReferenceImpl object
If TLS connection is terminated by the server with a `close_notify` tomcat will call the `closeOutbound()` method but the `closeInbound()` is never called so the cleanup cannot be done at the end. It is possible to test the problem with a tomcat instance. If the option `-H 'Connection: close'` is present only the `closeoutbound()` is called.
---
 .../org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
index 1f0e10b31..cdd65f7ad 100644
--- a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
+++ b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
@@ -1588,6 +1588,11 @@ public SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffe
 if (is_outbound_closed) {
 debug("Socket is currently closed.");
 handshake_status = SSLEngineResult.Status.CLOSED;
+ if(as_server) {
+ // If is_outbound_closed is true there is no need to wait
+ // for the receipt the peer's close_notify message.
+ closeInbound();
+ }
 }
 debug("JSSEngine.wrap() - Finished");
@@ -1699,7 +1704,6 @@ protected void finalize() {
 cleanup();
 }
-
 private class CertValidationTask extends CertAuthHandler {
 public CertValidationTask(SSLFDProxy fd) {
 super(fd);
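Review bot: The new `closeInbound()` call in the `is_outbound_closed` branch of wrap() runs on every wrap() call made after the outbound side is closed, not only the first, so it relies on closeInbound() being safe to repeat after the engine's resources have been released; its body is not visible in this hunk. Guarding it, e.g. `if (as_server && !isInboundDone()) {`, would make the one-shot intent explicit. The `as_server` condition also leaves client-mode engines on the old path, where (as far as this patch shows) release still falls to `finalize()`, so the comment should say why only the server side needs the early close. Closing inbound here means anything the peer sends after our close_notify is dropped without the peer's own close_notify being seen; that is worth recording in the comment as a deliberate trade-off, and its second line should read `// for receipt of the peer's close_notify message.`. wrap() begins and ends outside the hunk.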