From f0a0f24b9618588df6e37ce2232dc0d8e5415210 Mon Sep 17 00:00:00 2001
From: Flavia Rainone <frainone@redhat.com>
Date: Sat, 25 Mar 2023 06:33:08 -0300
Subject: [PATCH] [UNDERTOW-2252] Potential fix for the SslConduit.dataToUnwrap
 buffer leak

Signed-off-by: Flavia Rainone <frainone@redhat.com>
---
 .../io/undertow/protocols/ssl/SslConduit.java    | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
index a3ed279360..91b6c898d7 100644
--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
@@ -1276,14 +1276,16 @@ public void readReady() {
             }
             if(anyAreSet(state, FLAG_READS_RESUMED) && (unwrappedData != null || anyAreSet(state, FLAG_DATA_TO_UNWRAP))) {
                 if(anyAreSet(state, FLAG_READ_CLOSED)) {
-                    if(unwrappedData != null) {
-                        unwrappedData.close();
-                    }
-                    if(dataToUnwrap != null) {
-                        dataToUnwrap.close();
+                    synchronized (SslConduit.this) {
+                        if (unwrappedData != null) {
+                            unwrappedData.close();
+                        }
+                        if (dataToUnwrap != null) {
+                            dataToUnwrap.close();
+                        }
+                        unwrappedData = null;
+                        dataToUnwrap = null;
                     }
-                    unwrappedData = null;
-                    dataToUnwrap = null;
                 } else {
                     //there is data in the buffers so we do a wakeup
                     //as we may not get an actual read notification