[JBoss JIRA] Closed: (NETTY-230) 'bad handshake record MAC' error and IndexOutOfBoundsException on SSL closure

Trustin Lee (JIRA) jira-events at lists.jboss.org
Tue Sep 22 06:07:02 EDT 2009 

     [ https://jira.jboss.org/jira/browse/NETTY-230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Trustin Lee closed NETTY-230.
-----------------------------

    Resolution: Done


Fixed at revision 1738.  Further clean-up and documentation were made at revision 1739 and 1740.

http://fisheye.jboss.org/browse/Netty/trunk/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java?r1=1737&r2=1740&u=3&ignore=&k=

> 'bad handshake record MAC' error and IndexOutOfBoundsException on SSL closure
> -----------------------------------------------------------------------------
>
>                 Key: NETTY-230
>                 URL: https://jira.jboss.org/jira/browse/NETTY-230
>             Project: Netty
>          Issue Type: Bug
>          Components: Handler
>            Reporter: Trustin Lee
>            Assignee: Trustin Lee
>             Fix For: 3.1.4.GA
>
>
> The following steps trigger an SSLException and an IndexOutOfBoundsException randomly:
>         // 1) An SSL packet is received from the wire.
>         // 2) SslHandler.decode() deciphers the packet and calls the user code.
>         // 3) The user closes the channel in the same thread.
>         // 4) The same thread triggers a channelDisconnected() event.
>         // 5) FrameDecoder.cleanup() is called, and it calls SslHandler.decode().
>         // 6) SslHandler.decode() will feed the same packet with what was
>         //    deciphered at the step 2 again if the readerIndex was not advanced
>         //    before calling the user code.
> And here's an example stack trace:
> javax.net.ssl.SSLHandshakeException: bad handshake record MAC
> 	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> 	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1390)
> 	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1358)
> 	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:902)
> 	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:810)
> 	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:686)
> 	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
> 	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:748)
> 	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:477)
> 	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
> 	at org.jboss.netty.handler.codec.frame.FrameDecoder.cleanup(FrameDecoder.java:331)
> 	at org.jboss.netty.handler.codec.frame.FrameDecoder.channelDisconnected(FrameDecoder.java:226)
> 	at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:401)
> 	at org.jboss.netty.channel.Channels.fireChannelDisconnected(Channels.java:502)
> 	at org.jboss.netty.channel.socket.nio.NioWorker.close(NioWorker.java:584)
> 	at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.handleAcceptedSocket(NioServerSocketPipelineSink.java:119)
> 	at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.eventSunk(NioServerSocketPipelineSink.java:76)
> 	at org.jboss.netty.channel.Channels.close(Channels.java:1081)
> 	at org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operationComplete(SslHandler.java:906)
> 	at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
> 	at org.jboss.netty.channel.DefaultChannelFuture.addListener(DefaultChannelFuture.java:139)
> 	at org.jboss.netty.handler.ssl.SslHandler.closeOutboundAndChannel(SslHandler.java:874)
> 	at org.jboss.netty.handler.ssl.SslHandler.handleDownstream(SslHandler.java:348)
> 	at org.jboss.netty.channel.Channels.close(Channels.java:1065)
> 	at org.jboss.netty.channel.AbstractChannel.close(AbstractChannel.java:178)
> 	at org.jboss.netty.channel.ChannelFutureListener$1.operationComplete(ChannelFutureListener.java:46)
> 	at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
> 	at org.jboss.netty.channel.DefaultChannelFuture.addListener(DefaultChannelFuture.java:139)
> 	........ USER CODE that initiates the closure ........
> 	at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:366)
> 	at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:352)
> 	at org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFuture.java:303)
> 	at org.jboss.netty.handler.ssl.SslHandler.setHandshakeSuccess(SslHandler.java:844)
> 	at org.jboss.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:689)
> 	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:761)
> 	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:477)
> 	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
> 	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214)
> 	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:345)
> 	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:332)
> 	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:323)
> 	at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:275)
> 	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:196)
> 	at org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> 	at java.lang.Thread.run(Thread.java:619)
> java.lang.IndexOutOfBoundsException
> 	at org.jboss.netty.buffer.AbstractChannelBuffer.skipBytes(AbstractChannelBuffer.java:343)
> 	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:479)
> 	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
> 	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214)
> 	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:345)
> 	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:332)
> 	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:323)
> 	at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:275)
> 	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:196)
> 	at org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> 	at java.lang.Thread.run(Thread.java:619)
> The IndexOutOfBoundsException seems to be triggered by the first exception for some reason.  To fix this issue, we have to advance the buffer's readerIndex before calling unwrap().

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the netty-dev mailing list