RFR 8044860: Vectors and fixed length fields should be verified for allowed sizes
Jamil Nimeh
jamil.j.nimeh at oracle.com
Thu Jan 22 18:35:37 UTC 2015
Hi all,
This review is to provide length checks on the session ID for SSL/TLS
connections. It appears to be the only vector/array that needs
additional length-checks to make sure it's not exceeding 32 bytes.
Bug: https://bugs.openjdk.java.net/browse/JDK-8044860
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8044860/webrev.01
Thanks,
--Jamil
More information about the security-dev
mailing list