Bug 1269979 - [GSS](6.4.z) org.jboss.sun.net.httpserver.SSLStreams return 0 upon eof instead of -1
Summary: [GSS](6.4.z) org.jboss.sun.net.httpserver.SSLStreams return 0 upon eof instea...
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Other
Version: 6.4.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR1
: EAP 6.4.6
Assignee: Aaron Ogburn
QA Contact: Pavel Slavicek
Depends On:
Blocks: 1235746 1270007
TreeView+ depends on / blocked
Reported: 2015-10-08 17:11 UTC by Aaron Ogburn
Modified: 2019-08-15 05:37 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:
Type: Bug

Attachments (Terms of Use)
01514173.btm (289 bytes, text/plain)
2015-10-08 17:11 UTC, Aaron Ogburn
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1984473 0 None None None 2016-01-22 00:05:03 UTC

Description Aaron Ogburn 2015-10-08 17:11:41 UTC
Created attachment 1081060 [details]

Description of problem:

org.jboss.sun.net.httpserver.SSLStreams$InputStream does not return -1 in the event of an eof.  It improperly returns 0 instead.  This means read loops until an -1 return occurs can loop endlessly.  That can produce high CPU loops in calls like:

"HttpManagementService-threads - 384" #6598 prio=5 os_prio=0 tid=0x00007fc2441c9800 nid=0x3045 runnable [0x00007fc1f623b000]
java.lang.Thread.State: RUNNABLE
    at java.io.FilterInputStream.read(FilterInputStream.java:107)
    at org.jboss.sun.net.httpserver.AuthFilter.consumeInput(AuthFilter.java:54)
    at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:72)
    at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81)
    at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710)
    at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78)
    at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:48)
    at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45)

Version-Release number of selected component (if applicable):

EAP 6.4.4

How reproducible:

Potentially reproducible with network issues

Steps to Reproduce:
1. Set up console for https access
2. Use byteman with the attached script to force an eof in the ssl stream:

JAVA_OPTS="$JAVA_OPTS -javaagent:/path/to/lib/byteman.jar=script:/home/aaron/path/to/01514173.btm,boot:/path/to/lib/byteman.jar"

3. Start JBoss and make curl request like so:

curl --insecure -v https://localhost:9443/management/add-content -F "file=@/path/to/large/app.war"

Actual results:

The SSLStream returns 0 upon eof and allows for org.jboss.sun.net.httpserver.AuthFilter.consumeInput to loop endlessly

Expected results:

The SSLStream returns -1 upon eof

Additional info:

Comment 1 Aaron Ogburn 2015-10-08 18:26:38 UTC
PR: https://github.com/jbossas/httpserver/pull/4

Comment 5 Radim Hatlapatka 2016-01-13 14:28:44 UTC
Verified with EAP 6.4.6.CP.CR2

Comment 6 Petr Penicka 2017-01-17 11:48:00 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Comment 7 Petr Penicka 2017-01-17 11:48:23 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Note You need to log in before you can comment on or make changes to this bug.