[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
| Re: [jetty-users] SSL Assertion | 
Hi,
On Wed, Dec 8, 2021 at 11:42 PM Josh Spiegel <joshlakewg@xxxxxxxxx> wrote:
>
> Simone,
>
> We *think* we may have found the issue.  It is hard to say with certainty since the symptom was somewhat intermittent.
>
> However, in our own code, we were pulling and releasing buffers from the Jetty's pool.  Sometimes, we would switch the buffer to little-endian:
>
>    buffer.order(ByteOrder.LITTLE_ENDIAN);
>
> Before, when we released this buffer, we weren't switching it back to big endian.  Within Jetty, it calls BufferUtil.clear()
> https://github.com/eclipse/jetty.project/blob/4c98990cd93e2f36032121d2ce76598b1c85ad1d/jetty-util/src/main/java/org/eclipse/jetty/util/BufferUtil.java#L175
>
> Which resets most of the buffer state except for the bigEndian/nativeByteOrder members.  My theory is that SslConnection eventually got one of these little_endian buffers and got confused.
>
> We modified our own code to reset the byte order before releasing the buffer.  Since doing this, the issue hasn't reproduced.
>
> I think one could argue that Jetty should reset the byte order when the buffer is released.  However, not sure if you want an issue for this or not (let me know).
I filed https://github.com/eclipse/jetty.project/issues/7243.
-- 
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz