From 039c7386d0f3087d7c8aa19ea6001b24c95b9f16 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Mon, 22 Mar 2021 10:47:56 +0100 Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data length > 17408. Updates after review. Signed-off-by: Simone Bordet --- .../org/eclipse/jetty/io/ssl/SslConnection.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java index 420ae723b3fc..f85c5f788ea9 100644 --- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java +++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java @@ -712,13 +712,15 @@ public int fill(ByteBuffer buffer) throws IOException return filled = -1; case BUFFER_UNDERFLOW: - if (netFilled > 0) + if (BufferUtil.space(_encryptedInput) == 0) { - if (BufferUtil.space(_encryptedInput) > 0) - continue; // try filling some more BufferUtil.clear(_encryptedInput); throw new SSLHandshakeException("Encrypted buffer max length exceeded"); } + + if (netFilled > 0) + continue; // try filling some more + _underflown = true; if (netFilled < 0 && _sslEngine.getUseClientMode()) { @@ -1423,9 +1425,7 @@ private boolean isRenegotiating() return false; if (isTLS13()) return false; - if (_sslEngine.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING) - return false; - return true; + return _sslEngine.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING; } private boolean allowRenegotiate() @@ -1559,6 +1559,5 @@ public String toString() return String.format("SSL@%h.DEP.writeCallback", SslConnection.this); } } - } }