opensource/grpc-go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

credentials/alts: Properly release server InBytes buffer after the handshake is complete. (#3513)

Browse Source
This commit is contained in:
Cesar Ghali
2020-04-09 22:35:28 -07:00
committed by GitHub
parent b02de00073
commit 7c3fd13027
1 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
credentials/alts/internal/conn/record.go
View File

@ -111,25 +111,32 @@ func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, prot
} }
overhead := MsgLenFieldSize + msgTypeFieldSize + crypto.EncryptionOverhead() overhead := MsgLenFieldSize + msgTypeFieldSize + crypto.EncryptionOverhead()
payloadLengthLimit := altsRecordDefaultLength - overhead payloadLengthLimit := altsRecordDefaultLength - overhead
// We pre-allocate protectedBuf to be at least of size
// 2*altsRecordDefaultLength-1 during initialization. We only read from
// the network into protectedBuf when protectedBuf does not contain a
// complete frame, which is at most altsRecordDefaultLength-1 (bytes).
// And we read at most altsRecordDefaultLength (bytes) data into
// protectedBuf at one time. Therefore, 2*altsRecordDefaultLength-1 is
// large enough to buffer data read from the network. If protected is
// not nil, and its size is larger than 2*altsRecordDefaultLength-1, we
// allocate protectedBuf to be size of len(protected), then we copy the
// protected content to protectedBuf.
protectedBufLen := 2*altsRecordDefaultLength - 1
if len(protected) > protectedBufLen {
protectedBufLen = len(protected)
}
protectedBuf := make([]byte, 0, protectedBufLen)
if protected == nil { if protected == nil {
// We pre-allocate protected to be of size copy(protectedBuf, protected)
// 2*altsRecordDefaultLength-1 during initialization. We only
// read from the network into protected when protected does not
// contain a complete frame, which is at most
// altsRecordDefaultLength-1 (bytes). And we read at most
// altsRecordDefaultLength (bytes) data into protected at one
// time. Therefore, 2*altsRecordDefaultLength-1 is large enough
// to buffer data read from the network.
protected = make([]byte, 0, 2*altsRecordDefaultLength-1)
} }
altsConn := &conn{ altsConn := &conn{
Conn: c, Conn: c,
crypto: crypto, crypto: crypto,
payloadLengthLimit: payloadLengthLimit, payloadLengthLimit: payloadLengthLimit,
protected: protected, protected: protectedBuf,
writeBuf: make([]byte, altsWriteBufferInitialSize), writeBuf: make([]byte, altsWriteBufferInitialSize),
nextFrame: protected, nextFrame: protectedBuf,
overhead: overhead, overhead: overhead,
} }
return altsConn, nil return altsConn, nil