Remove "max" limit on buffer size for SSL connections

The original implementation of JSSEContext allocated buffers for the SSL data which started off at a size determined using information from the SSLSession, and which were allowed to grow to up to ten times their original size. When testing with jabber.org it was fairly easy to exceed this size (e.g. requiring a buffer of ~650K where the maximum value had been around 160K), meaning that applications would fail. This change removes the upper limit altogether. Now, the buffer will grow to whatever is required, so long as free memory is available. I also renamed "enlargeBuffer" in response to a previous review comment Test-information: No longer see problems when talking to jabber.org over SSL. Instrumentation shows that buffer is growing as expected.
author: Nick Hudson <nick.hudson@isode.com> 2012-04-25 14:32:39 (GMT)
committer: Kevin Smith <git@kismith.co.uk> 2012-04-27 11:06:19 (GMT)
commit: 9217dc0c6033f9d70c87ba4a84f5bbafe2c1e6ac (patch)
tree: e691768f08b1ee06b59bbd65b7c6604eefb5209d /src/com/isode/stroke/tls
parent: 407ea69176af9045f3f07bbcafd8d1c718846711 (diff)
download: stroke-9217dc0c6033f9d70c87ba4a84f5bbafe2c1e6ac.zip
stroke-9217dc0c6033f9d70c87ba4a84f5bbafe2c1e6ac.tar.bz2
1 files changed, 24 insertions, 64 deletions
diff --git a/src/com/isode/stroke/tls/java/JSSEContext.java b/src/com/isode/stroke/tls/java/JSSEContext.java
index c8e0640..1bdf5a7 100644
--- a/src/com/isode/stroke/tls/java/JSSEContext.java
+++ b/src/com/isode/stroke/tls/java/JSSEContext.java
@@ -149,12 +149,7 @@ public class JSSEContext extends TLSContext {
          * amount.
          */
         appBufferSize = sslEngine.getSession().getApplicationBufferSize();
-        
-        /*
-         * Don't grow application buffers bigger than this
-         */
-        appBufferMax = (appBufferSize * 10);
-        
+                
         /* "A SSLEngine using this session may generate SSL/TLS packets of
          * any size up to and including the value returned by this method"
          * 
@@ -164,10 +159,6 @@ public class JSSEContext extends TLSContext {
          * "handleDataFromNetwork()".
          */        
         netBufferSize = sslEngine.getSession().getPacketBufferSize();
-        /*
-         * Don't grow network buffers bigger than this
-         */
-        netBufferMax = (netBufferSize * 10);
         
         /* All buffers are normally in "write" mode. Access to all of them
          * must be synchronized
@@ -251,7 +242,7 @@ public class JSSEContext extends TLSContext {
                     
                     switch (status) {
                     case BUFFER_OVERFLOW :
-                        unwrappedReceived = enlargeBuffer("unwrappedReceived",unwrappedReceived,appBufferSize, appBufferMax);
+                        unwrappedReceived = getLargerBuffer("unwrappedReceived",unwrappedReceived,appBufferSize);
                         unwrapDone = false;
                         break;
                         
@@ -375,8 +366,8 @@ public class JSSEContext extends TLSContext {
                     
                     
                     if (status == Status.BUFFER_OVERFLOW) {
-                        wrappedToSend = enlargeBuffer(
-                                "wrappedToSend", wrappedToSend, netBufferSize, netBufferMax);
+                        wrappedToSend = getLargerBuffer(
+                                "wrappedToSend", wrappedToSend, netBufferSize);
                     }
                     else {
                         wrapDone = true;
@@ -499,29 +490,23 @@ public class JSSEContext extends TLSContext {
     
     /**
      * Create a ByteBuffer that is a copy of an existing buffer, but with a
-     * larger capacity.
+     * larger capacity. Note that no limits are imposed on the size of the
+     * new buffer, and so repeated calls to this method will eventually
+     * exhaust memory.
      * @param bufferName the name of the buffer, for logging purposes
      * @param bb the original ByteBuffer
      * @param growBy how many bytes to grow the buffer by
-     * @param maxSize the maximum size that the output buffer is allowed to be
      * @return a ByteBuffer that will have been enlarged by <em>growBy</em>
-     * @throws BufferOverflowException if adding <em>growBy</em> would take
-     * the buffer's size to greater than <em>maxSize</em>
      */
-    private ByteBuffer enlargeBuffer(
-            String bufferName, ByteBuffer bb, int growBy, int maxSize) 
-    throws SSLException {
+    private ByteBuffer getLargerBuffer(
+            String bufferName, ByteBuffer bb, int growBy) {
         int newSize = bb.capacity() + growBy;
-        if (newSize <= maxSize) {
-            logger_.fine("Buffer " + bufferName + 
-                    " growing from " + bb.capacity() + " to " + newSize);
-            ByteBuffer temp = ByteBuffer.allocate(newSize);
-            bb.flip();
-            temp.put(bb);
-            return temp;
-        }
-        throw new SSLException("Buffer for " + bufferName + 
-                " exceeded maximum size of " + maxSize);
+        logger_.fine("Buffer " + bufferName + 
+                " growing from " + bb.capacity() + " to " + newSize);
+        ByteBuffer temp = ByteBuffer.allocate(newSize);
+        bb.flip();
+        temp.put(bb);
+        return temp;
     }
     
     /**
@@ -704,18 +689,10 @@ public class JSSEContext extends TLSContext {
             synchronized(recvMutex) {
                 int chunkSize = encryptedReceived.remaining();
                 if (chunkSize == 0) {
-                    try {
-                        encryptedReceived = enlargeBuffer(
-                                "encryptedReceived", encryptedReceived, netBufferSize, netBufferMax);
-                        /* We know that this will now give us a non-zero value */
-                        chunkSize = encryptedReceived.remaining();
-                    }
-                    catch (SSLException e) {
-                        /* Enlarging buffer failed */
-                        emitError(e, "encryptedReceived buffer reached maximum size");
-                        return;                        
-                    }
-                    
+                    encryptedReceived = getLargerBuffer(
+                            "encryptedReceived", encryptedReceived, netBufferSize);
+                    /* We know that this will now give us a non-zero value */
+                    chunkSize = encryptedReceived.remaining();                    
                 }
                 if (remaining <= chunkSize) {
                     /* There's room in the buffer for all remaining bytes */
@@ -772,17 +749,10 @@ public class JSSEContext extends TLSContext {
         while (remaining > 0) {
             synchronized(sendMutex) {
                 int chunkSize = plainToSend.remaining();
-                if (chunkSize == 0) {
-                    try {
-                        plainToSend = enlargeBuffer("plainToSend", plainToSend, appBufferSize, appBufferMax);
-                        /* We know that this will now give us a non-zero value */
-                        chunkSize = plainToSend.remaining();
-                    }
-                    catch (SSLException e) {
-                        /* Enlarging buffer failed */
-                        emitError(e, "plainToSend buffer reached maximum size");
-                        return;
-                    }
+                if (chunkSize == 0) {              
+                    plainToSend = getLargerBuffer("plainToSend", plainToSend, appBufferSize);
+                    /* We know that this will now give us a non-zero value */
+                    chunkSize = plainToSend.remaining();
                 }
                 if (remaining <= chunkSize) {
                     /* There's room in the buffer for all remaining bytes */
@@ -915,23 +885,13 @@ public class JSSEContext extends TLSContext {
      * message), the buffer will be increased by this amount.
      */
     private int appBufferSize;
-    
-    /**
-     * The maximum amount to grow any buffer for application data
-     */
-    private int appBufferMax;
-    
+        
     /** 
      * Initial size of buffer used for encrypted data to/from SSL.
      */
     private int netBufferSize;
     
     /**
-     * The maximum amount to grow any buffer for network data
-     */
-    private int netBufferMax;
-    
-    /**
      * Contains encrypted information produced by the SSLEngine which is
      * waiting to be sent over the socket
      */
author	Nick Hudson <nick.hudson@isode.com>	2012-04-25 14:32:39 (GMT)
committer	Kevin Smith <git@kismith.co.uk>	2012-04-27 11:06:19 (GMT)
commit	9217dc0c6033f9d70c87ba4a84f5bbafe2c1e6ac (patch)
tree	e691768f08b1ee06b59bbd65b7c6604eefb5209d /src/com/isode/stroke/tls
parent	407ea69176af9045f3f07bbcafd8d1c718846711 (diff)
download	stroke-9217dc0c6033f9d70c87ba4a84f5bbafe2c1e6ac.zip stroke-9217dc0c6033f9d70c87ba4a84f5bbafe2c1e6ac.tar.bz2