ASF Bugzilla – Attachment 35056 Details for
Bug 60461
SIGSEGV in SSLSocket.getInfos
[patch]
Patch for OpenSSLEngine
sslengine_crash.patch (text/plain), 5.29 KB, created by
Remy Maucherat
on 2017-06-14 11:54:47 UTC
Description:
Patch for OpenSSLEngine
Filename:
MIME Type:
Creator:
Remy Maucherat
Created:
2017-06-14 11:54:47 UTC
Size:
5.29 KB
patch
obsolete
>Index: java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
>===================================================================
>--- java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (revision 1798660)
>+++ java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (working copy)
>@@ -1041,8 +1041,13 @@
>
> @Override
> public byte[] getId() {
>- // We don't cache that to keep memory usage to a minimum.
>- byte[] id = SSL.getSessionId(ssl);
>+ byte[] id;
>+ synchronized (OpenSSLEngine.this) {
>+ if (destroyed) {
>+ throw new IllegalStateException(sm.getString("engine.noSession"));
>+ }
>+ id = SSL.getSessionId(ssl);
>+ }
> if (id == null) {
> // The id should never be null, if it was null then the SESSION itself was not valid.
> throw new IllegalStateException(sm.getString("engine.noSession"));
>@@ -1058,7 +1063,14 @@
> @Override
> public long getCreationTime() {
> // We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds.
>- return SSL.getTime(ssl) * 1000L;
>+ long creationTime = 0;
>+ synchronized (OpenSSLEngine.this) {
>+ if (destroyed) {
>+ throw new IllegalStateException(sm.getString("engine.noSession"));
>+ }
>+ creationTime = SSL.getTime(ssl);
>+ }
>+ return creationTime * 1000L;
> }
>
> @Override
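Review bot: The `destroyed` check added in getId() protects the native `ssl` pointer only if the code that frees it sets `destroyed` while holding the same `OpenSSLEngine.this` monitor, and the hunk carries no comment stating that rule. The freeing code is not part of this patch, so this should be confirmed there and recorded here with something like `// ssl is a native pointer: use it only under the engine lock, after checking destroyed`. The same guard recurs in getCreationTime() and in the hunks at -1140, -1193 and -1241, which would benefit from the same comment. getId() continues past the end of the hunk.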
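Review bot: `long creationTime = 0;` in getCreationTime() has a dead initializer, because every path through the synchronized block either assigns the variable or throws. getId() in the previous hunk declares `byte[] id;` without one, and `long creationTime;` would match it. The comment about multiplying by 1000 now sits eight lines above the multiplication, so I would move it down to `return creationTime * 1000L;`.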
>@@ -1140,19 +1152,22 @@
> // these are lazy created to reduce memory overhead
> Certificate[] c = peerCerts;
> if (c == null) {
>- if (SSL.isInInit(ssl) != 0) {
>- throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
>- }
>- byte[][] chain = SSL.getPeerCertChain(ssl);
> byte[] clientCert;
>- if (!clientMode) {
>- // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
>- // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
>- //
>- // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
>- clientCert = SSL.getPeerCertificate(ssl);
>- } else {
>- clientCert = null;
>+ byte[][] chain;
>+ synchronized (OpenSSLEngine.this) {
>+ if (destroyed || SSL.isInInit(ssl) != 0) {
>+ throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
>+ }
>+ chain = SSL.getPeerCertChain(ssl);
>+ if (!clientMode) {
>+ // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
>+ // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
>+ //
>+ // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
>+ clientCert = SSL.getPeerCertificate(ssl);
>+ } else {
>+ clientCert = null;
>+ }
> }
> if (chain == null && clientCert == null) {
> return null;
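Review bot: In the `destroyed || SSL.isInInit(ssl) != 0` test a destroyed engine is reported with `engine.unverifiedPeer`, so a caller or a log reader cannot tell a closed connection from a peer that has not been verified. Failing closed is the right outcome for certificate checks, but the reason deserves a comment above the `if`, for example `// A destroyed engine has no peer data left; report it as unverified so callers fail closed`. The hunk at -1193 on the x509PeerCerts path uses the same combined test and wants the same comment. The enclosing method starts and ends outside the hunk.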
>@@ -1193,10 +1208,13 @@
> // these are lazy created to reduce memory overhead
> X509Certificate[] c = x509PeerCerts;
> if (c == null) {
>- if (SSL.isInInit(ssl) != 0) {
>- throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
>+ byte[][] chain;
>+ synchronized (OpenSSLEngine.this) {
>+ if (destroyed || SSL.isInInit(ssl) != 0) {
>+ throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
>+ }
>+ chain = SSL.getPeerCertChain(ssl);
> }
>- byte[][] chain = SSL.getPeerCertChain(ssl);
> if (chain == null) {
> throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
> }
>@@ -1241,7 +1259,14 @@
> return INVALID_CIPHER;
> }
> if (cipher == null) {
>- String c = OpenSSLCipherConfigurationParser.openSSLToJsse(SSL.getCipherForSSL(ssl));
>+ String ciphers;
>+ synchronized (OpenSSLEngine.this) {
>+ if (destroyed) {
>+ return INVALID_CIPHER;
>+ }
>+ ciphers = SSL.getCipherForSSL(ssl);
>+ }
>+ String c = OpenSSLCipherConfigurationParser.openSSLToJsse(ciphers);
> if (c != null) {
> cipher = c;
> }
>@@ -1251,6 +1276,7 @@
>
> @Override
> public String getProtocol() {
>+ // No sync as ALPN is called when opening the connection
> String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
> if (applicationProtocol == null) {
> applicationProtocol = SSL.getNextProtoNegotiated(ssl);
>
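Review bot: getProtocol() still passes `ssl` to `SSL.getNextProtoNegotiated(ssl)` without the lock or the `destroyed` check that the other hunks add, and the new comment only asserts that callers arrive early. If anything reads the session protocol after the engine has been shut down while `applicationProtocol` is still null, that is presumably the same freed-pointer access this patch is closing elsewhere; whether such a caller exists cannot be seen from the hunk. I would guard the native call as below and check that the rest of the method, which lies outside the hunk, copes with a null result.

```java
if (applicationProtocol == null) {
    // Same rule as the other getters: touch ssl only under the engine lock, after checking destroyed.
    synchronized (OpenSSLEngine.this) {
        if (!destroyed) {
            applicationProtocol = SSL.getNextProtoNegotiated(ssl);
        }
    }
    // … unchanged: rest of getProtocol(), outside the hunk …
```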