Code review request [JDK 9] 8042449 Issue for negative byte major record version
Xuelei Fan
xuelei.fan at oracle.com
Tue May 6 10:10:15 UTC 2014
Hi,
Please review this simple but interesting fix:
http://cr.openjdk.java.net/~xuelei/8042449/webrev.00/
During the check for an invalid record version, a byte-to-byte comparison
is coded as:
    if (...
            recordVersion.major > ProtocolVersion.MAX.major) {
        throw new SSLException
    }
"recordVersion.major" and "ProtocolVersion.MAX.major" are of byte type,
which is signed. If the major version is "0xa9", recordVersion.major is
a negative value (-87). If ProtocolVersion.MAX.major is positive, the
check above does not work any more.
This fix converts the version number to a positive value before making the
comparison.
Thanks,
Xuelei
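
The signed-byte comparison described in the message above, next to an unsigned one, as an added example (not code from the webrev or from the JDK). The class name, the helper methods, the MAX_MAJOR value of 3 and the record headers are assumptions constructed for illustration; masking with 0xFF is one way to get a positive value and may differ from what the fix does.

```java
public class RecordVersionCheck {
    // Assumed ceiling for this example; stands in for ProtocolVersion.MAX.major.
    static final byte MAX_MAJOR = 3;

    // Signed comparison, as in the snippet quoted in the message:
    // a major byte of 0xa9 is -87 as a Java byte, and -87 > 3 is false.
    static boolean rejectsSigned(byte major) {
        return major > MAX_MAJOR;
    }

    // Unsigned comparison: widen both sides to int with the sign
    // extension masked off, so 0xa9 compares as 169.
    static boolean rejectsUnsigned(byte major) {
        return (major & 0xFF) > (MAX_MAJOR & 0xFF);
    }

    public static void main(String[] args) {
        // Constructed 5-byte record headers:
        // content type, major, minor, length (2 bytes).
        byte[][] headers = {
            {0x16, 0x03, 0x01, 0x00, 0x20},          // in range
            {0x16, 0x04, 0x00, 0x00, 0x20},          // above max, high bit clear
            {0x16, (byte) 0xa9, 0x01, 0x00, 0x20},   // above max, high bit set
        };
        for (byte[] h : headers) {
            byte major = h[1];
            System.out.printf(
                "major=0x%02x as byte=%4d  signed rejects=%-5b  unsigned rejects=%b%n",
                major & 0xFF, major,
                rejectsSigned(major), rejectsUnsigned(major));
        }
    }
}
```

Only the third header separates the two checks: any major byte with the high bit set passes the signed comparison, while values such as 0x04 are rejected by both.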