RFR: 8308144: HttpClient - uncontrolled memory consumption in SSLFlowDelegate.Reader
Jaikiran Pai
jpai at openjdk.org
Thu Sep 28 00:43:44 UTC 2023
On Thu, 25 May 2023 20:17:39 GMT, zhurs <duke at openjdk.org> wrote:
> When using HttpClient to make requests to HTTPS resources, there is an issue where the entire file is being downloaded into memory without the ability to limit the buffer size.
> If the SSLEngine cannot decode the entire buffer due to the algorithm's blocking nature, it returns a decoded chunk of data and BUFFER_UNDERFLOW status, which leads to SSLFlowDelegate.Reader requesting more data despite the output queue being full.
Hello Bart, like Daniel noted I'm still working on this. Sorry it has taken this long. I'll prioritize this work for the coming days.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/14159#issuecomment-1738285852
More information about the security-dev
mailing list