Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1269979

Summary: [GSS](6.4.z) org.jboss.sun.net.httpserver.SSLStreams return 0 upon eof instead of -1
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Aaron Ogburn <aogburn>
Component: Other
Assignee: Aaron Ogburn <aogburn>
Status: CLOSED CURRENTRELEASE
QA Contact: Pavel Slavicek <pslavice>
Severity: high
Docs Contact: eap-docs <eap-docs>
Priority: high
Version: 6.4.4
CC: aogburn, bmaxwell, istudens, jason.greene, jawilson, rhatlapa, vtunka
Target Milestone: CR1   
Target Release: EAP 6.4.6   
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Bug Fix
Type: Bug
Bug Blocks: 1235746, 1270007
Attachments: 01514173.btm

Description Aaron Ogburn 2015-10-08 17:11:41 UTC
Created attachment 1081060: 01514173.btm

Description of problem:

org.jboss.sun.net.httpserver.SSLStreams$InputStream does not return -1 in the event of an EOF. It improperly returns 0 instead. This means read loops that run until a -1 return occurs can loop endlessly. That can produce high CPU loops in calls like:

"HttpManagementService-threads - 384" #6598 prio=5 os_prio=0 tid=0x00007fc2441c9800 nid=0x3045 runnable [0x00007fc1f623b000]
java.lang.Thread.State: RUNNABLE
    at java.io.FilterInputStream.read(FilterInputStream.java:107)
    at org.jboss.sun.net.httpserver.AuthFilter.consumeInput(AuthFilter.java:54)
    at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:72)
    at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81)
    at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710)
    at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78)
    at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:48)
    at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45)


Version-Release number of selected component (if applicable):

EAP 6.4.4


How reproducible:

Potentially reproducible with network issues


Steps to Reproduce:
1. Set up console for https access
2. Use Byteman with the attached script to force an EOF in the SSL stream:

JAVA_OPTS="$JAVA_OPTS -javaagent:/path/to/lib/byteman.jar=script:/home/aaron/path/to/01514173.btm,boot:/path/to/lib/byteman.jar"

3. Start JBoss and make a curl request like so:

curl --insecure -v https://localhost:9443/management/add-content -F "file=@/path/to/large/app.war"

Actual results:

The SSLStream returns 0 upon eof and allows for org.jboss.sun.net.httpserver.AuthFilter.consumeInput to loop endlessly

Expected results:

The SSLStream returns -1 upon eof


Additional info:
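
Editor's added example (not part of the original report, the attached Byteman script, or the httpserver project's code): a self-contained Java model of the failure described above. `ZeroAtEofStream` is a constructed stand-in for a stream that reports EOF as 0, the first drain loop is a hypothetical read-until-minus-one loop bounded so the demo terminates, and the second treats a 0 return for a non-empty buffer as a violation of the `java.io.InputStream` contract.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class EofContractDemo {
    /** Constructed stand-in for the reported defect: returns 0 at EOF instead of -1. */
    static class ZeroAtEofStream extends InputStream {
        private final InputStream in;
        ZeroAtEofStream(InputStream in) { this.in = in; }
        @Override public int read() throws IOException { return in.read(); }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            int n = in.read(b, off, len);
            return n == -1 ? 0 : n;   // the bug: EOF is reported as "0 bytes read"
        }
    }

    /** Hypothetical drain loop that stops only on -1; bounded so the demo terminates. */
    static long drainUntilMinusOne(InputStream in, long maxIterations) throws IOException {
        byte[] buf = new byte[4096];
        long iterations = 0;
        while (in.read(buf) != -1) {
            if (++iterations >= maxIterations) return -1; // unbounded, this would spin forever
        }
        return iterations;
    }

    /** Defensive drain: 0 bytes for a non-empty buffer breaks the InputStream contract. */
    static long drainDefensively(InputStream in) throws IOException {
        byte[] buf = new byte[4096];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            if (n == 0) throw new IOException("read() returned 0 for a non-empty buffer");
            total += n;
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        byte[] body = new byte[10_000]; // constructed sample request body
        System.out.println("correct stream: " + drainUntilMinusOne(new ByteArrayInputStream(body), 1_000_000) + " reads");
        System.out.println("buggy stream:   " + drainUntilMinusOne(new ZeroAtEofStream(new ByteArrayInputStream(body)), 1_000_000) + " (-1 = never saw EOF)");
        try {
            drainDefensively(new ZeroAtEofStream(new ByteArrayInputStream(body)));
        } catch (IOException e) {
            System.out.println("defensive loop: " + e.getMessage());
        }
    }
}
```

The iteration cap exists only so the demonstration exits; a loop without it stays RUNNABLE on one core, which is the pattern in the thread dump above.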

Comment 1 Aaron Ogburn 2015-10-08 18:26:38 UTC
PR: https://github.com/jbossas/httpserver/pull/4

Comment 5 Radim Hatlapatka 2016-01-13 14:28:44 UTC
Verified with EAP 6.4.6.CP.CR2

Comment 6 Petr Penicka 2017-01-17 11:48:00 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Comment 7 Petr Penicka 2017-01-17 11:48:23 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.