Created attachment 1081060
01514173.btm

Description of problem:
org.jboss.sun.net.httpserver.SSLStreams$InputStream does not return -1 in the event of an eof. It improperly returns 0 instead. This means read loops until a -1 return occurs can loop endlessly. That can produce high CPU loops in calls like:

"HttpManagementService-threads - 384" #6598 prio=5 os_prio=0 tid=0x00007fc2441c9800 nid=0x3045 runnable [0x00007fc1f623b000]
   java.lang.Thread.State: RUNNABLE
    at java.io.FilterInputStream.read(FilterInputStream.java:107)
    at org.jboss.sun.net.httpserver.AuthFilter.consumeInput(AuthFilter.java:54)
    at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:72)
    at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81)
    at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710)
    at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78)
    at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:48)
    at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45)

Version-Release number of selected component (if applicable):
EAP 6.4.4

How reproducible:
Potentially reproducible with network issues

Steps to Reproduce:
1. Set up console for https access
2. Use byteman with the attached script to force an eof in the ssl stream:
   JAVA_OPTS="$JAVA_OPTS -javaagent:/path/to/lib/byteman.jar=script:/home/aaron/path/to/01514173.btm,boot:/path/to/lib/byteman.jar"
3. Start JBoss and make a curl request like so:
   curl --insecure -v https://localhost:9443/management/add-content -F "file=@/path/to/large/app.war"

Actual results:
The SSLStream returns 0 upon eof and allows for org.jboss.sun.net.httpserver.AuthFilter.consumeInput to loop endlessly

Expected results:
The SSLStream returns -1 upon eof

Additional info:
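The failure mode in the report above, as an added example that is not part of the original report or of the JBoss httpserver code: a stream that reports EOF as 0 makes a "read until -1" loop spin, and a drain loop can defend itself by bounding consecutive empty reads. The class names, `ZeroAtEofStream`, `drain` and `MAX_EMPTY_READS` are hypothetical, and the request body is constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class EofDrainDemo {
    /** Constructed stand-in for the reported bug: bulk reads yield 0 at EOF instead of -1. */
    static class ZeroAtEofStream extends InputStream {
        private final InputStream delegate;
        ZeroAtEofStream(byte[] data) { delegate = new ByteArrayInputStream(data); }
        @Override public int read() throws IOException { return delegate.read(); }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            int n = delegate.read(b, off, len);
            return n == -1 ? 0 : n;   // contract violation: EOF reported as 0
        }
    }

    /** Hypothetical limit: consecutive empty reads tolerated before giving up. */
    static final int MAX_EMPTY_READS = 16;

    /**
     * Drains a stream like a "read until -1" loop, but fails fast when a
     * non-empty buffer repeatedly receives 0 bytes. The InputStream contract
     * only permits a 0 return when the requested length is 0.
     */
    static long drain(InputStream in) throws IOException {
        byte[] buf = new byte[4096];
        long total = 0;
        int emptyReads = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            if (n > 0) { total += n; emptyReads = 0; continue; }
            if (++emptyReads >= MAX_EMPTY_READS) {
                throw new IOException("stream returned 0 bytes " + emptyReads
                        + " times in a row; treating as broken EOF");
            }
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        byte[] body = new byte[10_000];  // constructed sample request body
        System.out.println("well-behaved stream drained "
                + drain(new ByteArrayInputStream(body)) + " bytes");
        try {
            drain(new ZeroAtEofStream(body));
        } catch (IOException e) {
            System.out.println("broken stream detected: " + e.getMessage());
        }
    }
}
```

Without the `emptyReads` bound, the second `drain` call never returns and pins a CPU core, matching the RUNNABLE thread in the stack trace.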
PR: https://github.com/jbossas/httpserver/pull/4
Verified with EAP 6.4.6.CP.CR2
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.