Code review request, 7200295 CertificateRequest message is wrapping when using large numbers of Certs

Xuelei Fan xuelei.fan at oracle.com
Mon Sep 24 02:42:52 UTC 2012


Hi,

Please review the update to check output field length overflow in TLS
handshaking.

bug   : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7200295
webrev: http://cr.openjdk.java.net/~xuelei/7200295/webrev.00/

The cause of the bug is that for 8-, 16- and 24-bit length-variable fields,
before putting the bytes into the fields, we do not check that the length of
the bytes is less than the capabilities of the field.

Thanks,
Xuelei
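
The class of bug described in the message above, shown as an added example that is not taken from the webrev or from the JSSE sources: a TLS variable-length vector is written with a 1-, 2- or 3-byte length prefix, and without a bounds check an oversized payload gets a wrapped prefix. The class and method names here are hypothetical, and the 70000-byte payload is a constructed sample.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.net.ssl.SSLException;

public class VectorLengthCheck {
    // Unchecked writer: only the low lenBytes bytes of data.length are emitted,
    // so a payload larger than the field can describe gets a wrapped prefix.
    static byte[] putVectorUnchecked(byte[] data, int lenBytes) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = lenBytes - 1; i >= 0; i--) {
            out.write(data.length >>> (8 * i)); // write(int) keeps the low 8 bits
        }
        out.write(data, 0, data.length);
        return out.toByteArray();
    }

    // Checked writer: refuse any payload the length field cannot represent.
    static byte[] putVectorChecked(byte[] data, int lenBytes) throws IOException {
        if (lenBytes < 1 || lenBytes > 3) {
            throw new IllegalArgumentException("length field must be 1..3 bytes");
        }
        int max = (1 << (8 * lenBytes)) - 1; // 0xFF, 0xFFFF or 0xFFFFFF
        if (data.length > max) {
            throw new SSLException("Field length overflow: " + data.length
                    + " bytes does not fit a " + (8 * lenBytes) + "-bit length");
        }
        return putVectorUnchecked(data, lenBytes);
    }

    // The length a peer would decode from the prefix.
    static int readLength(byte[] encoded, int lenBytes) {
        int len = 0;
        for (int i = 0; i < lenBytes; i++) {
            len = (len << 8) | (encoded[i] & 0xFF);
        }
        return len;
    }

    public static void main(String[] args) throws IOException {
        byte[] big = new byte[70000]; // constructed sample, larger than 0xFFFF
        byte[] wire = putVectorUnchecked(big, 2);
        System.out.println("actual=" + big.length + " declared=" + readLength(wire, 2));
        try {
            putVectorChecked(big, 2);
        } catch (SSLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("in range, declared=" + readLength(putVectorChecked(new byte[300], 2), 2));
    }
}
```

With the unchecked writer the declared length no longer matches the bytes that follow, so the receiving parser treats the remainder of the payload as the next handshake field.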


