NIFI-11680 Corrected Buffer Size Calculation for Connection Balancing (#7370)

- Resolved BufferOverflowException in PeerChannel with Bouncy Castle Provider
- Changed prepareForWrite() to use Destination Buffer remaining instead of Application Buffer Size
- Changed encrypt() to Packet Buffer Size instead of Application Buffer Size
This commit is contained in:
exceptionfactory 2023-06-13 10:01:27 -05:00 committed by GitHub
parent 787e0d8261
commit 9c2f15cc18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 9 deletions

View File

@ -162,12 +162,13 @@ public class PeerChannel implements Closeable {
while (plaintext.hasRemaining()) { while (plaintext.hasRemaining()) {
encrypt(plaintext); encrypt(plaintext);
final int bytesRemaining = prepared.capacity() - prepared.position(); final int destinationBufferRemaining = destinationBuffer.remaining();
if (bytesRemaining < destinationBuffer.remaining()) { if (prepared.remaining() < destinationBufferRemaining) {
final ByteBuffer temp = ByteBuffer.allocate(prepared.capacity() + sslEngine.getSession().getApplicationBufferSize()); // Expand Prepared Buffer to hold current bytes plus remaining size of Destination Buffer
final ByteBuffer expanded = ByteBuffer.allocate(prepared.capacity() + destinationBufferRemaining);
prepared.flip(); prepared.flip();
temp.put(prepared); expanded.put(prepared);
prepared = temp; prepared = expanded;
} }
prepared.put(destinationBuffer); prepared.put(destinationBuffer);
@ -289,11 +290,12 @@ public class PeerChannel implements Closeable {
case CLOSED: case CLOSED:
throw new IOException("Failed to encrypt data to write to Peer " + peerDescription + " because Peer unexpectedly closed connection"); throw new IOException("Failed to encrypt data to write to Peer " + peerDescription + " because Peer unexpectedly closed connection");
case BUFFER_OVERFLOW: case BUFFER_OVERFLOW:
// destinationBuffer is not large enough. Need to increase the size. // Expand Destination Buffer using current capacity plus encrypted Packet Buffer Size
final ByteBuffer tempBuffer = ByteBuffer.allocate(destinationBuffer.capacity() + sslEngine.getSession().getApplicationBufferSize()); final int packetBufferSize = sslEngine.getSession().getPacketBufferSize();
final ByteBuffer expanded = ByteBuffer.allocate(destinationBuffer.capacity() + packetBufferSize);
destinationBuffer.flip(); destinationBuffer.flip();
tempBuffer.put(destinationBuffer); expanded.put(destinationBuffer);
destinationBuffer = tempBuffer; destinationBuffer = expanded;
break; break;
case BUFFER_UNDERFLOW: case BUFFER_UNDERFLOW:
// We should never get this result on a call to SSLEngine.wrap(), only on a call to unwrap(). // We should never get this result on a call to SSLEngine.wrap(), only on a call to unwrap().