Fixed some SSL code
elecharny committed Apr 9, 2019
1 parent 6e5b966 commit 73e881a
Showing 3 changed files with 31 additions and 6 deletions.
@@ -857,7 +857,7 @@ public String toString() {
* message, but not for handshake messages, which will be swallowed.
*
*/
private static class EncryptedWriteRequest extends DefaultWriteRequest {
/* package protected */ static class EncryptedWriteRequest extends DefaultWriteRequest {
// Thee encrypted messagee
private final IoBuffer encryptedMessage;

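--- a/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
+++ b/mina-core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
@@ -33,6 +33,7 @@
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
 
+import org.apache.mina.core.RuntimeIoException;
 import org.apache.mina.core.buffer.IoBuffer;
 import org.apache.mina.core.filterchain.IoFilter.NextFilter;
 import org.apache.mina.core.filterchain.IoFilterEvent;
@@ -42,6 +43,7 @@
 import org.apache.mina.core.session.IoSession;
 import org.apache.mina.core.write.DefaultWriteRequest;
 import org.apache.mina.core.write.WriteRequest;
+import org.apache.mina.filter.ssl.SslFilter.EncryptedWriteRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -528,9 +530,34 @@ private void checkStatus(SSLEngineResult res) throws SSLException {
 * UNDERFLOW - Need to read more data from the socket. It's normal.
 * CLOSED - The other peer closed the socket. Also normal.
 */
-if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
-throw new SSLException("SSLEngine error during decrypt: " + status + " inNetBuffer: " + inNetBuffer
+switch (status) {
+case BUFFER_OVERFLOW:
+throw new SSLException("SSLEngine error during decrypt: " + status + " inNetBuffer: " + inNetBuffer
 + "appBuffer: " + appBuffer);
+case CLOSED:
+Exception exception =new RuntimeIoException("SSL/TLS close_notify received");
+
+// Empty the Ssl queue
+for (IoFilterEvent event:filterWriteEventQueue) {
+EncryptedWriteRequest writeRequest = (EncryptedWriteRequest)event.getParameter();
+WriteFuture writeFuture = writeRequest.getParentRequest().getFuture();
+writeFuture.setException(exception);
+writeFuture.notifyAll();
+}
+
+// Empty the session queue
+while (!session.getWriteRequestQueue().isEmpty(session)) {
+WriteRequest writeRequest = session.getWriteRequestQueue().poll( session );
+WriteFuture writeFuture = writeRequest.getFuture();
+writeFuture.setException(exception);
+writeFuture.notifyAll();
+}
+
+// We *must* shutdown session
+session.closeNow();
+break;
+default:
+break;
 }
 }
 
@@ -595,8 +622,7 @@ private void checkStatus(SSLEngineResult res) throws SSLException {
 }
 
 // First make sure that the out buffer is completely empty.
-// Since we
-// cannot call wrap with data left on the buffer
+// Since we cannot call wrap with data left on the buffer
 if (outNetBuffer != null && outNetBuffer.hasRemaining()) {
 return;
 }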
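Review bot: In the new `case CLOSED:` branch of `checkStatus`, both loops call `writeFuture.notifyAll()` without the calling thread owning that future's monitor, and no `synchronized (writeFuture)` is visible in the hunk, so the first pending write would raise `IllegalMonitorStateException`. That exception would leave the loop before the remaining futures are failed and before `session.closeNow()` runs, so writes queued behind a received close_notify are not reliably discarded. If `setException` already wakes waiters (its implementation is not shown here), drop both `notifyAll()` lines and keep only `writeFuture.setException(exception);`; otherwise wrap the pair in `synchronized (writeFuture) { ... }`. The first loop also only iterates `filterWriteEventQueue` despite the `// Empty the Ssl queue` comment, so a `filterWriteEventQueue.clear();` after it looks needed, assuming the queue type supports it. The body of `checkStatus` starts outside the hunk.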
@@ -152,7 +152,6 @@ private static void connectAndSend() throws Exception {
String line = in.readLine();
//System.out.println("Client got: " + line);
socket.close();

}

private static SSLContext createSSLContext() throws IOException, GeneralSecurityException {

2 comments on commit 73e881a

@SubhashC37

Is this the fix for CVE-2019-0231???

@elecharny
Contributor Author

@elecharny elecharny commented on 73e881a Apr 25, 2019 via email
