Code review request, CR 7180038 regression test failure, SSLEngineBadBufferArrayAccess.java

Xuelei Fan xuelei.fan at oracle.com
Sun Jul 1 19:39:46 PDT 2012


Hi Weijun,

Would you please review the test update for CR 7180038?
    http://cr.openjdk.java.net./~xuelei/7180038/webrev.00/

We cannot reproduce the issue. However, from the test log, there is two
possible issues exposed by this CR.
1. the improper test case senarios of un/wrap()
   In the test case, the scenarios is
unwrap()->wrap()->serverOut.remaining()->"serverIn.remaining() !=
clientMsg.length". After the wrap(), the next operation may need to be
unwrap() to get more incoming data before comparing serverIn buffer with
the expected client message.

    This fix is trying to do the comparing after the engine has closed.

2. From the log, the engine status and handshaking status move from
CLOSED/NOT_HANDSHAKING to OK/FINISHED. FINISHED means the TLS
handshaking just finished. As the handshaking should have completed for
a while, it does not sound like a correct status change.

    However, I did not find why this happens. Need more info. So I added
a line of log (suggested by Brad Wetmore) to collect the next failure:

    IF THIS FAILS, PLEASE REPORT THIS TO THE SECURITY TEAM.  WE HAVE
    BEEN UNABLE TO RELIABLY DUPLICATE.


Thanks,
Xuelei



More information about the security-dev mailing list