RFR: 8308144: HttpClient - uncontrolled memory consumption in SSLFlowDelegate.Reader
zhurs
duke at openjdk.org
Thu May 25 20:44:04 UTC 2023
When using HttpClient to make requests to HTTPS resources, there is an issue where the entire file is being downloaded into memory without the ability to limit the buffer size.
If the SSLEngine cannot decode the entire buffer due to the algorithm's blocking nature, it returns a decoded chunk of data and BUFFER_UNDERFLOW status, which leads to SSLFlowDelegate.Reader requesting more data despite the output queue being full.
-------------
Commit messages:
- 8308144: HttpClient - uncontrolled memory consumption in SSLFlowDelegate.Reader
Changes: https://git.openjdk.org/jdk/pull/14159/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14159&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8308144
Stats: 190 lines in 2 files changed: 188 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/14159.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/14159/head:pull/14159
PR: https://git.openjdk.org/jdk/pull/14159
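
The backpressure failure described in this message, as a simplified model added here (it is not the JDK's SSLFlowDelegate code and not part of the original message). The class name, queue limit, chunk size and consumption rate are assumptions chosen for illustration; the model compares a reader that requests more input on every BUFFER_UNDERFLOW with one that first checks whether the output queue has room.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Simplified model, not JDK code: every upstream TLS buffer decodes to one
// plaintext chunk and leaves the engine reporting BUFFER_UNDERFLOW, so the
// reader always "wants" more input after each unwrap.
public class UnderflowBackpressureModel {
    static final int QUEUE_LIMIT = 4;          // hypothetical output queue capacity, in chunks
    static final int CHUNK_BYTES = 16 * 1024;  // constructed size of one decoded chunk

    /** Runs the read loop and returns the peak number of plaintext bytes buffered. */
    static long peakBuffered(int upstreamBuffers, int consumeEvery, boolean gateOnQueue) {
        Deque<Integer> outputQueue = new ArrayDeque<>(); // holds chunk sizes only
        long buffered = 0, peak = 0;
        int delivered = 0, tick = 0;
        while (delivered < upstreamBuffers || !outputQueue.isEmpty()) {
            tick++;
            // Slow downstream subscriber: takes one chunk every consumeEvery ticks.
            if (tick % consumeEvery == 0 && !outputQueue.isEmpty()) {
                buffered -= outputQueue.poll();
            }
            boolean queueFull = outputQueue.size() >= QUEUE_LIMIT;
            // Engine status is BUFFER_UNDERFLOW here. The ungated reader asks
            // upstream for more regardless; the gated reader waits for room.
            boolean requestMore = delivered < upstreamBuffers
                    && (!gateOnQueue || !queueFull);
            if (requestMore) {
                outputQueue.add(CHUNK_BYTES);  // decoded chunk lands in the queue
                buffered += CHUNK_BYTES;
                delivered++;
            }
            peak = Math.max(peak, buffered);
        }
        return peak;
    }

    public static void main(String[] args) {
        int buffers = 1000, consumeEvery = 4;  // constructed workload
        System.out.println("ungated peak bytes: "
                + peakBuffered(buffers, consumeEvery, false));
        System.out.println("gated peak bytes:   "
                + peakBuffered(buffers, consumeEvery, true));
    }
}
```

In the ungated run the peak grows with the size of the download; in the gated run it stays at the queue limit times the chunk size.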