[JBoss JIRA] Closed: (NETTY-230) 'bad handshake record MAC' error and IndexOutOfBoundsException on SSL closure
Trustin Lee (JIRA)
jira-events at lists.jboss.org
Tue Sep 22 06:07:02 EDT 2009
[ https://jira.jboss.org/jira/browse/NETTY-230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Trustin Lee closed NETTY-230.
-----------------------------
Resolution: Done
Fixed at revision 1738. Further clean-up and documentation were made at revision 1739 and 1740.
http://fisheye.jboss.org/browse/Netty/trunk/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java?r1=1737&r2=1740&u=3&ignore=&k=
> 'bad handshake record MAC' error and IndexOutOfBoundsException on SSL closure
> -----------------------------------------------------------------------------
>
> Key: NETTY-230
> URL: https://jira.jboss.org/jira/browse/NETTY-230
> Project: Netty
> Issue Type: Bug
> Components: Handler
> Reporter: Trustin Lee
> Assignee: Trustin Lee
> Fix For: 3.1.4.GA
>
>
> The following steps trigger an SSLException and an IndexOutOfBoundsException randomly:
> // 1) An SSL packet is received from the wire.
> // 2) SslHandler.decode() deciphers the packet and calls the user code.
> // 3) The user closes the channel in the same thread.
> // 4) The same thread triggers a channelDisconnected() event.
> // 5) FrameDecoder.cleanup() is called, and it calls SslHandler.decode().
> // 6) SslHandler.decode() will feed the same packet with what was
> // deciphered at the step 2 again if the readerIndex was not advanced
> // before calling the user code.
> And here's an example stack trace:
> javax.net.ssl.SSLHandshakeException: bad handshake record MAC
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1390)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1358)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:902)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:810)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:686)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
> at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:748)
> at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:477)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.cleanup(FrameDecoder.java:331)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.channelDisconnected(FrameDecoder.java:226)
> at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:401)
> at org.jboss.netty.channel.Channels.fireChannelDisconnected(Channels.java:502)
> at org.jboss.netty.channel.socket.nio.NioWorker.close(NioWorker.java:584)
> at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.handleAcceptedSocket(NioServerSocketPipelineSink.java:119)
> at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.eventSunk(NioServerSocketPipelineSink.java:76)
> at org.jboss.netty.channel.Channels.close(Channels.java:1081)
> at org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operationComplete(SslHandler.java:906)
> at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
> at org.jboss.netty.channel.DefaultChannelFuture.addListener(DefaultChannelFuture.java:139)
> at org.jboss.netty.handler.ssl.SslHandler.closeOutboundAndChannel(SslHandler.java:874)
> at org.jboss.netty.handler.ssl.SslHandler.handleDownstream(SslHandler.java:348)
> at org.jboss.netty.channel.Channels.close(Channels.java:1065)
> at org.jboss.netty.channel.AbstractChannel.close(AbstractChannel.java:178)
> at org.jboss.netty.channel.ChannelFutureListener$1.operationComplete(ChannelFutureListener.java:46)
> at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
> at org.jboss.netty.channel.DefaultChannelFuture.addListener(DefaultChannelFuture.java:139)
> ........ USER CODE that initiates the closure ........
> at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
> at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:352)
> at org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFuture.java:303)
> at org.jboss.netty.handler.ssl.SslHandler.setHandshakeSuccess(SslHandler.java:844)
> at org.jboss.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:689)
> at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:761)
> at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:477)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:345)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:332)
> at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:323)
> at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:275)
> at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:196)
> at org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
> java.lang.IndexOutOfBoundsException
> at org.jboss.netty.buffer.AbstractChannelBuffer.skipBytes(AbstractChannelBuffer.java:343)
> at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:479)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:345)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:332)
> at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:323)
> at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:275)
> at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:196)
> at org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
> The IndexOutOfBoundsException seems to be triggered by the first exception for some reason. To fix this issue, we have to advance the buffer's readerIndex before calling unwrap().
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the netty-dev
mailing list