8214418: half-closed SSLEngine status may cause application dead loop

Reviewed-by: jnimeh, dfuchs, chegar
2025-08-27 14:54:52 +02:00 · 2019-01-14 10:00:45 -08:00 · 2019-01-14 10:00:45 -08:00 · d81c4896a8
commit d81c4896a8
parent 70ba959a4b
3 changed files with 15 additions and 10 deletions
--- a/src/java.base/share/classes/sun/security/ssl/Ciphertext.java
+++ b/src/java.base/share/classes/sun/security/ssl/Ciphertext.java
@ -31,8 +31,6 @@ import javax.net.ssl.SSLEngineResult.HandshakeStatus;
 * Ciphertext
 */
 final class Ciphertext {
-    static final Ciphertext CIPHERTEXT_NULL = new Ciphertext();
-
    final byte contentType;
    final byte handshakeType;
    final long recordSN;
--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
@ -247,6 +247,19 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
            hsStatus = ciphertext.handshakeStatus;
        } else {
            hsStatus = getHandshakeStatus();
+            if (ciphertext == null && !conContext.isNegotiated &&
+                    conContext.isInboundClosed() &&
+                    hsStatus == HandshakeStatus.NEED_WRAP) {
+                // Even the outboud is open, no futher data could be wrapped as:
+                //     1. the outbound is empty
+                //     2. no negotiated connection
+                //     3. the inbound has closed, cannot complete the handshake
+                //
+                // Mark the engine as closed if the handshake status is
+                // NEED_WRAP. Otherwise, it could lead to dead loops in
+                // applications.
+                status = Status.CLOSED;
+            }
        }

        int deltaSrcs = srcsRemains;
@ -279,7 +292,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
        }

        if (ciphertext == null) {
-            return Ciphertext.CIPHERTEXT_NULL;
+            return null;
        }

        // Is the handshake completed?
--- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java
+++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java
@ -577,13 +577,7 @@ class TransportContext implements ConnectionContext {
            } else if (!isOutboundClosed()) {
                // Special case that the inbound was closed, but outbound open.
                return HandshakeStatus.NEED_WRAP;
-            }
-        } else if (isOutboundClosed() && !isInboundClosed()) {
-            // Special case that the outbound was closed, but inbound open.
-            return HandshakeStatus.NEED_UNWRAP;
-        } else if (!isOutboundClosed() && isInboundClosed()) {
-            // Special case that the inbound was closed, but outbound open.
-            return HandshakeStatus.NEED_WRAP;
+            }   // Otherwise, both inbound and outbound are closed.
        }

        return HandshakeStatus.NOT_HANDSHAKING;