packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjdk-1.8.0/8214418-half-closed-SSLEngine-status-may-cause-appli.patch

84 lines
3.7 KiB
Diff
Raw Blame History

From 7419e8c4fd5b858c43378cffc55b45845f845191 Mon Sep 17 00:00:00 2001
Date: Mon, 8 Mar 2021 09:28:45 +0800
Subject: 8214418: half-closed SSLEngine status may cause
application dead loop
Summary: <javax>: half-closed SSLEngine status may cause application dead loop
LLT: NA
Patch Type: backport
Bug url: https://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/6852be0de227
---
.../classes/sun/security/ssl/Ciphertext.java | 2 --
.../classes/sun/security/ssl/SSLEngineImpl.java | 15 ++++++++++++++-
.../sun/security/ssl/TransportContext.java | 8 +-------
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/jdk/src/share/classes/sun/security/ssl/Ciphertext.java b/jdk/src/share/classes/sun/security/ssl/Ciphertext.java
index 842db23af..5f95102b4 100644
--- a/jdk/src/share/classes/sun/security/ssl/Ciphertext.java
+++ b/jdk/src/share/classes/sun/security/ssl/Ciphertext.java
@@ -31,8 +31,6 @@ import javax.net.ssl.SSLEngineResult.HandshakeStatus;
* Ciphertext
*/
final class Ciphertext {
- static final Ciphertext CIPHERTEXT_NULL = new Ciphertext();
-
final byte contentType;
final byte handshakeType;
final long recordSN;
diff --git a/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
index 7906e5181..ef64c7b4e 100644
--- a/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
@@ -227,6 +227,19 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
hsStatus = ciphertext.handshakeStatus;
} else {
hsStatus = getHandshakeStatus();
+ if (ciphertext == null && !conContext.isNegotiated &&
+ conContext.isInboundClosed() &&
+ hsStatus == HandshakeStatus.NEED_WRAP) {
+ // Even the outboud is open, no futher data could be wrapped as:
+ // 1. the outbound is empty
+ // 2. no negotiated connection
+ // 3. the inbound has closed, cannot complete the handshake
+ //
+ // Mark the engine as closed if the handshake status is
+ // NEED_WRAP. Otherwise, it could lead to dead loops in
+ // applications.
+ status = Status.CLOSED;
+ }
}
int deltaSrcs = srcsRemains;
@@ -258,7 +271,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
}
if (ciphertext == null) {
- return Ciphertext.CIPHERTEXT_NULL;
+ return null;
}
// Is the handshake completed?
diff --git a/jdk/src/share/classes/sun/security/ssl/TransportContext.java b/jdk/src/share/classes/sun/security/ssl/TransportContext.java
index e9ffb3802..77a3c3bd5 100644
--- a/jdk/src/share/classes/sun/security/ssl/TransportContext.java
+++ b/jdk/src/share/classes/sun/security/ssl/TransportContext.java
@@ -576,13 +576,7 @@ class TransportContext implements ConnectionContext {
} else if (!isOutboundClosed()) {
// Special case that the inbound was closed, but outbound open.
return HandshakeStatus.NEED_WRAP;
- }
- } else if (isOutboundClosed() && !isInboundClosed()) {
- // Special case that the outbound was closed, but inbound open.
- return HandshakeStatus.NEED_UNWRAP;
- } else if (!isOutboundClosed() && isInboundClosed()) {
- // Special case that the inbound was closed, but outbound open.
- return HandshakeStatus.NEED_WRAP;
+ } // Otherwise, both inbound and outbound are closed.
}
return HandshakeStatus.NOT_HANDSHAKING;
--
2.19.0
Reference in New Issue View Git Blame Copy Permalink