473832 SslConnection flips back buffers on handshake exception

2015-07-30 11:52:31 +10:00 · 2015-07-30 11:52:31 +10:00 · a568ee6f17
parent 4a727a7f08
commit a568ee6f17
2 changed files with 33 additions and 4 deletions
--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@ -503,8 +503,15 @@ public class SslConnection extends AbstractConnection
                        // Let's unwrap even if we have no net data because in that
                        // case we want to fall through to the handshake handling
                        int pos = BufferUtil.flipToFill(app_in);
-                        SSLEngineResult unwrapResult = _sslEngine.unwrap(_encryptedInput, app_in);
-                        BufferUtil.flipToFlush(app_in, pos);
+                        SSLEngineResult unwrapResult;
+                        try
+                        {
+                            unwrapResult = _sslEngine.unwrap(_encryptedInput, app_in);
+                        }
+                        finally
+                        {
+                            BufferUtil.flipToFlush(app_in, pos);
+                        }
                        if (DEBUG)
                        {
                            LOG.debug("{} net={} unwrap {}", SslConnection.this, net_filled, unwrapResult.toString().replace('\n',' '));
@ -728,10 +735,18 @@ public class SslConnection extends AbstractConnection
                    // We call sslEngine.wrap to try to take bytes from appOut buffers and encrypt them into the _netOut buffer
                    BufferUtil.compact(_encryptedOutput);
                    int pos = BufferUtil.flipToFill(_encryptedOutput);
-                    SSLEngineResult wrapResult = _sslEngine.wrap(appOuts, _encryptedOutput);
+                    SSLEngineResult wrapResult;
+                    try
+                    {
+                        wrapResult = _sslEngine.wrap(appOuts, _encryptedOutput);
+                    }
+                    finally
+                    {
+                        BufferUtil.flipToFlush(_encryptedOutput, pos);
+                    }
                    if (DEBUG)
                        LOG.debug("{} wrap {}", SslConnection.this, wrapResult.toString().replace('\n',' '));
-                    BufferUtil.flipToFlush(_encryptedOutput, pos);
+                    
                    Status wrapResultStatus = wrapResult.getStatus();

                    boolean allConsumed=true;
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
@ -21,6 +21,7 @@ package org.eclipse.jetty.server.ssl;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.OutputStream;
 import java.net.Socket;
 import java.nio.charset.StandardCharsets;
 import java.security.cert.X509Certificate;
@ -142,6 +143,19 @@ public class SslConnectionFactoryTest
        Assert.assertThat(response,Matchers.containsString("url=/ctx/path"));
        return response;
    }
+
+    @Test
+    public void testBadHandshake() throws Exception
+    {
+        try(Socket socket=new Socket("127.0.0.1", _port); OutputStream out = socket.getOutputStream())
+        {
+            out.write("Rubbish".getBytes());
+            out.flush();
+            
+            Assert.assertThat(socket.getInputStream().read(),Matchers.equalTo(-1));
+        }
+        
+    }
    
    private String getResponse(String sniHost,String reqHost, String cn) throws Exception
    {