From 6eb9c428bbd98a14fbde473ac708b49bfd96911f Mon Sep 17 00:00:00 2001
From: Sheng Yang <sheng.yang@cloud.com>
Date: Mon, 20 Jun 2011 18:36:35 -0700
Subject: [PATCH] SSL: Fix loop in when BUFFER_UNDERFLOW

Add 10 times as limit, as well as add the missing count=-1 judgement.
---
 utils/src/com/cloud/utils/nio/Link.java | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java
index d7f5c5b04c7..093c573924d 100755
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@@ -399,7 +399,7 @@ public class Link {
 
         while (hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
             if (s_logger.isTraceEnabled()) {
-                s_logger.info("SSL: Handshake status " + hsStatus);
+                s_logger.trace("SSL: Handshake status " + hsStatus);
             }
             engResult = null;
             if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
@@ -429,13 +429,21 @@ public class Link {
                 engResult = sslEngine.unwrap(in_pkgBuf, in_appBuf);
                 ByteBuffer tmp_pkgBuf =
                     ByteBuffer.allocate(sslSession.getPacketBufferSize() + 40);
+                int loop_count = 0;
                 while (engResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
+                    // The client is too slow? Cut it and let it reconnect
+                    if (loop_count > 10) {
+                        throw new IOException("Too many times in SSL BUFFER_UNDERFLOW, disconnect guest.");
+                    }
                     // We need more packets to complete this operation
                     if (s_logger.isTraceEnabled()) {
-                        s_logger.info("SSL: Buffer overflowed, getting more packets");
+                        s_logger.trace("SSL: Buffer overflowed, getting more packets");
                     }
                     tmp_pkgBuf.clear();
                     count = ch.read(tmp_pkgBuf);
+                    if (count == -1) {
+                        throw new IOException("Connection closed with -1 on reading size.");
+                    }
                     tmp_pkgBuf.flip();
                     
                     in_pkgBuf.mark();
@@ -446,12 +454,13 @@ public class Link {
                     
                     in_appBuf.clear();
                     engResult = sslEngine.unwrap(in_pkgBuf, in_appBuf);
+                    loop_count ++;
                 }
             } else if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                 Runnable run;
                 while ((run = sslEngine.getDelegatedTask()) != null) {
                     if (s_logger.isTraceEnabled()) {
-                        s_logger.info("SSL: Running delegated task!");
+                        s_logger.trace("SSL: Running delegated task!");
                     }
                     run.run();
                 }