Spatterjaaay opened a new pull request #9188: URL: https://github.com/apache/kafka/pull/9188
… may have data There are a couple of different situations which can result in BUFFER_OVERFLOW on read with the current implementation, due to the while loop structure (such as TLS compression with identical buffer sizes, or buffers sizes that differ to optimize modes where the cipher text is larger than the plain text.) The JDK documentation indicates that a buffer of getApplicationBufferSize() bytes will be enough for a single unwrap operation, but the SslTransportLayer loop may call unwrap with an application buffer which isn't empty. The current implementation will check dst for space and then move data from the application buffer. It will then continue the loop and may try to unwrap() again without verifying that there are getApplicationBufferSize() bytes free in the application buffer. If, instead, the loop moves data into dst, and then breaks the loop if dst is full, then unwrap() should never be called with data in the application buffer. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
