SSLStream 读取无效数据 + KB3147458 SSLStream 错误(?)
SSLStream reads invalid data + KB3147458 SSLStream bug (?)
当远程客户端未发送任何内容时,SSLStream 返回一些数据时遇到问题。当服务器正在侦听新命令时,我遇到了这个问题。
如果服务器没有收到新的请求,ReadMessage() 函数应该捕获一个 IOException,因为 SSLStream 的读取超时。问题发生在 sslStream.Read() 第二次执行时,它似乎读取了客户端未发送的 5 个字节。所以问题发生在这个序列中:
-> ReadMessage() -> sslstream.Read() -> 按预期捕获超时异常
-> ReadMessage() -> sslstream.Read() -> 未捕获超时异常,即使客户端未发送任何内容也读取了 5 个字节
-> ReadMessage() -> sslstream.Read() -> 按预期捕获超时异常
-> ReadMessage() -> sslstream.Read() -> 未捕获超时异常,即使客户端未发送任何内容也读取了 5 个字节...
等等..
public void ClientHandle(object obj)
{
nRetry = MAX_RETRIES;
// Open connection with the client
if (Open() == OPEN_SUCCESS)
{
String request = ReadMessage();
String response = null;
// while loop for the incoming commands from client
while (!String.IsNullOrEmpty(request))
{
Console.WriteLine("[{0}] {1}", RemoteIPAddress, request);
response = Execute(request);
// If QUIT was received, close the connection with the client
if (response.Equals(QUIT_RESPONSE))
{
// Closing connection
Console.WriteLine("[{0}] {1}", RemoteIPAddress, response);
// Send QUIT_RESPONSE then return and close this thread
SendMessage(response);
break;
}
// If another command was received, send the response to the client
if (!response.StartsWith("TIMEOUT"))
{
// Reset nRetry
nRetry = MAX_RETRIES;
if (!SendMessage(response))
{
// Couldn't send message
Close();
break;
}
}
// Wait for new input request from client
request = ReadMessage();
// If nothing was received, SslStream timeout occurred
if (String.IsNullOrEmpty(request))
{
request = "TIMEOUT";
nRetry--;
if (nRetry == 0)
{
// Close everything
Console.WriteLine("Client is unreachable. Closing client connection.");
Close();
break;
}
else
{
continue;
}
}
}
Console.WriteLine("Stopped");
}
}
public String ReadMessage()
{
if (tcpClient != null)
{
int bytes = -1;
byte[] buffer = new byte[MESSAGE_SIZE];
try
{
bytes = sslStream.Read(buffer, 0, MESSAGE_SIZE);
}
catch (ObjectDisposedException)
{
// Streams were disposed
return String.Empty;
}
catch (IOException)
{
return String.Empty;
}
catch (Exception)
{
// Some other exception occured
return String.Empty;
}
if (bytes != MESSAGE_SIZE)
{
return String.Empty;
}
// Return string read from the stream
return Encoding.Unicode.GetString(buffer, 0, MESSAGE_SIZE).Replace("[=10=]", String.Empty);
}
return String.Empty;
}
public bool SendMessage(String message)
{
if (tcpClient != null)
{
byte[] data = CreateMessage(message);
try
{
// Write command message to the stream and send it
sslStream.Write(data, 0, MESSAGE_SIZE);
sslStream.Flush();
}
catch (ObjectDisposedException)
{
// Streamers were disposed
return false;
}
catch (IOException)
{
// Error while trying to access streams or connection timedout
return false;
}
catch (Exception)
{
return false;
}
// Data sent successfully
return true;
}
return false;
}
private byte[] CreateMessage(String message)
{
byte[] data = new byte[MESSAGE_SIZE];
byte[] messageBytes = Encoding.Unicode.GetBytes(message);
// Can't exceed MESSAGE_SIZE parameter (max message size in bytes)
if (messageBytes.Length >= MESSAGE_SIZE)
{
throw new ArgumentOutOfRangeException("message", String.Format("Message string can't be longer than {0} bytes", MESSAGE_SIZE));
}
for (int i = 0; i < messageBytes.Length; i++)
{
data[i] = messageBytes[i];
}
for (int i = messageBytes.Length; i < MESSAGE_SIZE; i++)
{
data[i] = messageBytes[messageBytes.Length - 1];
}
return data;
}
客户端也使用完全相同的 ReadMessage()、SendMessage() 和 CreateMessage() 函数向服务器发送消息。 MESSAGE_SIZE常数也是一样的,设置为2048。
问题是我在超时后重新使用了 SSLStream。所以我只是通过删除 nRetry 变量并设置更长的超时来解决问题。相关的 MSDN 文章说 SSLStream 将 return 在超时异常后产生垃圾 (https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx):
SslStream assumes that a timeout along with any other IOException when one is thrown from the inner stream will be treated as fatal by its caller. Reusing a SslStream instance after a timeout will return garbage. An application should Close the SslStream and throw an exception in these cases.
另一个问题是 Windows 更新 KB3147458(Windows 4 月 10 日的更新)更改了读取功能的行为。看起来 SSLStream 实现中的某些内容发生了变化,现在它 returns 数据分为 2 个部分,每次 1 个字节和其余字节。实际上 MSDN 文档并没有说 Read() 函数将一步 return 所有请求的字节,并且提供的示例使用 do-while 循环来读取确切的字节数。所以我想 Read() 函数不能保证一次读取所有请求的确切字节数,可能需要更多的读取迭代。
SSLstream 工作正常,因此没有损坏。您只需要注意并使用 do-while 循环并检查是否正确读取了所有字节。
我更改了这里显示的代码以解决我遇到的错误。
public String ReadMessage()
{
if (tcpClient != null)
{
int bytes = -1, offset = 0;
byte[] buffer = new byte[MESSAGE_SIZE];
try
{
// perform multiple read iterations
// and check the number of bytes received
while (offset < MESSAGE_SIZE)
{
bytes = sslStream.Read(buffer, offset, MESSAGE_SIZE - offset);
offset += bytes;
if (bytes == 0)
{
return String.Empty;
}
}
}
catch (Exception)
{
// Some exception occured
return String.Empty;
}
if (offset != MESSAGE_SIZE)
{
return String.Empty;
}
// Return string read from the stream
return Encoding.Unicode.GetString(buffer, 0, MESSAGE_SIZE).Replace("[=10=]", String.Empty);
}
return String.Empty;
}
关于 SslStream 在超时后在 Read() 上返回五个字节,这是因为 SslStream class 没有妥善处理来自底层流的任何 IOException,这已如前所述记录注意到了。
SslStream assumes that a timeout along with any other IOException when one is thrown from the inner stream will be treated as fatal by its caller. Reusing a SslStream instance after a timeout will return garbage. An application should Close the SslStream and throw an exception in these cases.
https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx
但是,您可以通过创建一个位于 Tcp NetworkStream 和 SslStream 之间的包装器 class 来解决这个问题,它可以捕获并抑制无害的超时异常,并且(看起来)不会丢失功能。
完整代码在我在类似主题的回答中,此处
关于 Read() 方法在每个 Read() 上仅返回部分有效负载,您的回答已经正确解决了这个问题。虽然这是 SslStream 的 "recent" 行为,但不幸的是,这是所有网络的预期行为,所有代码都需要创建某种形式的缓冲区来存储片段,直到您拥有完整的数据包。例如,如果您的数据超过 1500 字节(大多数以太网适配器的最大数据包大小,假设以太网传输),您很可能会收到多个部分的数据并且必须自己重新组装。
希望对您有所帮助
当远程客户端未发送任何内容时,SSLStream 返回一些数据时遇到问题。当服务器正在侦听新命令时,我遇到了这个问题。 如果服务器没有收到新的请求,ReadMessage() 函数应该捕获一个 IOException,因为 SSLStream 的读取超时。问题发生在 sslStream.Read() 第二次执行时,它似乎读取了客户端未发送的 5 个字节。所以问题发生在这个序列中:
-> ReadMessage() -> sslstream.Read() -> 按预期捕获超时异常
-> ReadMessage() -> sslstream.Read() -> 未捕获超时异常,即使客户端未发送任何内容也读取了 5 个字节
-> ReadMessage() -> sslstream.Read() -> 按预期捕获超时异常
-> ReadMessage() -> sslstream.Read() -> 未捕获超时异常,即使客户端未发送任何内容也读取了 5 个字节...
等等..
public void ClientHandle(object obj)
{
nRetry = MAX_RETRIES;
// Open connection with the client
if (Open() == OPEN_SUCCESS)
{
String request = ReadMessage();
String response = null;
// while loop for the incoming commands from client
while (!String.IsNullOrEmpty(request))
{
Console.WriteLine("[{0}] {1}", RemoteIPAddress, request);
response = Execute(request);
// If QUIT was received, close the connection with the client
if (response.Equals(QUIT_RESPONSE))
{
// Closing connection
Console.WriteLine("[{0}] {1}", RemoteIPAddress, response);
// Send QUIT_RESPONSE then return and close this thread
SendMessage(response);
break;
}
// If another command was received, send the response to the client
if (!response.StartsWith("TIMEOUT"))
{
// Reset nRetry
nRetry = MAX_RETRIES;
if (!SendMessage(response))
{
// Couldn't send message
Close();
break;
}
}
// Wait for new input request from client
request = ReadMessage();
// If nothing was received, SslStream timeout occurred
if (String.IsNullOrEmpty(request))
{
request = "TIMEOUT";
nRetry--;
if (nRetry == 0)
{
// Close everything
Console.WriteLine("Client is unreachable. Closing client connection.");
Close();
break;
}
else
{
continue;
}
}
}
Console.WriteLine("Stopped");
}
}
public String ReadMessage()
{
if (tcpClient != null)
{
int bytes = -1;
byte[] buffer = new byte[MESSAGE_SIZE];
try
{
bytes = sslStream.Read(buffer, 0, MESSAGE_SIZE);
}
catch (ObjectDisposedException)
{
// Streams were disposed
return String.Empty;
}
catch (IOException)
{
return String.Empty;
}
catch (Exception)
{
// Some other exception occured
return String.Empty;
}
if (bytes != MESSAGE_SIZE)
{
return String.Empty;
}
// Return string read from the stream
return Encoding.Unicode.GetString(buffer, 0, MESSAGE_SIZE).Replace("[=10=]", String.Empty);
}
return String.Empty;
}
public bool SendMessage(String message)
{
if (tcpClient != null)
{
byte[] data = CreateMessage(message);
try
{
// Write command message to the stream and send it
sslStream.Write(data, 0, MESSAGE_SIZE);
sslStream.Flush();
}
catch (ObjectDisposedException)
{
// Streamers were disposed
return false;
}
catch (IOException)
{
// Error while trying to access streams or connection timedout
return false;
}
catch (Exception)
{
return false;
}
// Data sent successfully
return true;
}
return false;
}
private byte[] CreateMessage(String message)
{
byte[] data = new byte[MESSAGE_SIZE];
byte[] messageBytes = Encoding.Unicode.GetBytes(message);
// Can't exceed MESSAGE_SIZE parameter (max message size in bytes)
if (messageBytes.Length >= MESSAGE_SIZE)
{
throw new ArgumentOutOfRangeException("message", String.Format("Message string can't be longer than {0} bytes", MESSAGE_SIZE));
}
for (int i = 0; i < messageBytes.Length; i++)
{
data[i] = messageBytes[i];
}
for (int i = messageBytes.Length; i < MESSAGE_SIZE; i++)
{
data[i] = messageBytes[messageBytes.Length - 1];
}
return data;
}
客户端也使用完全相同的 ReadMessage()、SendMessage() 和 CreateMessage() 函数向服务器发送消息。 MESSAGE_SIZE常数也是一样的,设置为2048。
问题是我在超时后重新使用了 SSLStream。所以我只是通过删除 nRetry 变量并设置更长的超时来解决问题。相关的 MSDN 文章说 SSLStream 将 return 在超时异常后产生垃圾 (https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx):
SslStream assumes that a timeout along with any other IOException when one is thrown from the inner stream will be treated as fatal by its caller. Reusing a SslStream instance after a timeout will return garbage. An application should Close the SslStream and throw an exception in these cases.
另一个问题是 Windows 更新 KB3147458(Windows 4 月 10 日的更新)更改了读取功能的行为。看起来 SSLStream 实现中的某些内容发生了变化,现在它 returns 数据分为 2 个部分,每次 1 个字节和其余字节。实际上 MSDN 文档并没有说 Read() 函数将一步 return 所有请求的字节,并且提供的示例使用 do-while 循环来读取确切的字节数。所以我想 Read() 函数不能保证一次读取所有请求的确切字节数,可能需要更多的读取迭代。
SSLstream 工作正常,因此没有损坏。您只需要注意并使用 do-while 循环并检查是否正确读取了所有字节。
我更改了这里显示的代码以解决我遇到的错误。
public String ReadMessage()
{
if (tcpClient != null)
{
int bytes = -1, offset = 0;
byte[] buffer = new byte[MESSAGE_SIZE];
try
{
// perform multiple read iterations
// and check the number of bytes received
while (offset < MESSAGE_SIZE)
{
bytes = sslStream.Read(buffer, offset, MESSAGE_SIZE - offset);
offset += bytes;
if (bytes == 0)
{
return String.Empty;
}
}
}
catch (Exception)
{
// Some exception occured
return String.Empty;
}
if (offset != MESSAGE_SIZE)
{
return String.Empty;
}
// Return string read from the stream
return Encoding.Unicode.GetString(buffer, 0, MESSAGE_SIZE).Replace("[=10=]", String.Empty);
}
return String.Empty;
}
关于 SslStream 在超时后在 Read() 上返回五个字节,这是因为 SslStream class 没有妥善处理来自底层流的任何 IOException,这已如前所述记录注意到了。
SslStream assumes that a timeout along with any other IOException when one is thrown from the inner stream will be treated as fatal by its caller. Reusing a SslStream instance after a timeout will return garbage. An application should Close the SslStream and throw an exception in these cases.
https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx
但是,您可以通过创建一个位于 Tcp NetworkStream 和 SslStream 之间的包装器 class 来解决这个问题,它可以捕获并抑制无害的超时异常,并且(看起来)不会丢失功能。
完整代码在我在类似主题的回答中,此处
关于 Read() 方法在每个 Read() 上仅返回部分有效负载,您的回答已经正确解决了这个问题。虽然这是 SslStream 的 "recent" 行为,但不幸的是,这是所有网络的预期行为,所有代码都需要创建某种形式的缓冲区来存储片段,直到您拥有完整的数据包。例如,如果您的数据超过 1500 字节(大多数以太网适配器的最大数据包大小,假设以太网传输),您很可能会收到多个部分的数据并且必须自己重新组装。
希望对您有所帮助