[JBoss JIRA] Created: (NETTY-230) 'bad handshake record MAC' error and IndexOutOfBoundsException on SSL closure

Trustin Lee (JIRA) jira-events at lists.jboss.org
Tue Sep 22 06:03:49 EDT 2009 

'bad handshake record MAC' error and IndexOutOfBoundsException on SSL closure
-----------------------------------------------------------------------------

                 Key: NETTY-230
                 URL: https://jira.jboss.org/jira/browse/NETTY-230
             Project: Netty
          Issue Type: Bug
          Components: Handler
            Reporter: Trustin Lee
            Assignee: Trustin Lee
             Fix For: 3.1.4.GA


The following steps trigger an SSLException and an IndexOutOfBoundsException randomly:

        // 1) An SSL packet is received from the wire.
        // 2) SslHandler.decode() deciphers the packet and calls the user code.
        // 3) The user closes the channel in the same thread.
        // 4) The same thread triggers a channelDisconnected() event.
        // 5) FrameDecoder.cleanup() is called, and it calls SslHandler.decode().
        // 6) SslHandler.decode() will feed the same packet with what was
        //    deciphered at the step 2 again if the readerIndex was not advanced
        //    before calling the user code.

And here's an example stack trace:

javax.net.ssl.SSLHandshakeException: bad handshake record MAC
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1390)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1358)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:902)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:810)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:686)
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:748)
	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:477)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.cleanup(FrameDecoder.java:331)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.channelDisconnected(FrameDecoder.java:226)
	at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:401)
	at org.jboss.netty.channel.Channels.fireChannelDisconnected(Channels.java:502)
	at org.jboss.netty.channel.socket.nio.NioWorker.close(NioWorker.java:584)
	at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.handleAcceptedSocket(NioServerSocketPipelineSink.java:119)
	at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.eventSunk(NioServerSocketPipelineSink.java:76)
	at org.jboss.netty.channel.Channels.close(Channels.java:1081)
	at org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operationComplete(SslHandler.java:906)
	at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
	at org.jboss.netty.channel.DefaultChannelFuture.addListener(DefaultChannelFuture.java:139)
	at org.jboss.netty.handler.ssl.SslHandler.closeOutboundAndChannel(SslHandler.java:874)
	at org.jboss.netty.handler.ssl.SslHandler.handleDownstream(SslHandler.java:348)
	at org.jboss.netty.channel.Channels.close(Channels.java:1065)
	at org.jboss.netty.channel.AbstractChannel.close(AbstractChannel.java:178)
	at org.jboss.netty.channel.ChannelFutureListener$1.operationComplete(ChannelFutureListener.java:46)
	at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
	at org.jboss.netty.channel.DefaultChannelFuture.addListener(DefaultChannelFuture.java:139)
	........ USER CODE that initiates the closure ........
	at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
	at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:352)
	at org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFuture.java:303)
	at org.jboss.netty.handler.ssl.SslHandler.setHandshakeSuccess(SslHandler.java:844)
	at org.jboss.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:689)
	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:761)
	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:477)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214)
	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:345)
	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:332)
	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:323)
	at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:275)
	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:196)
	at org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:619)
java.lang.IndexOutOfBoundsException
	at org.jboss.netty.buffer.AbstractChannelBuffer.skipBytes(AbstractChannelBuffer.java:343)
	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:479)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214)
	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:345)
	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:332)
	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:323)
	at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:275)
	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:196)
	at org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:619)

The IndexOutOfBoundsException seems to be triggered by the first exception for some reason.  To fix this issue, we have to advance the buffer's readerIndex before calling unwrap().

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the netty-dev mailing list