Re: RFR 8044860: Vectors and fixed length fields should be verified for allowed sizes

Jamil Nimeh jamil.j.nimeh at oracle.com
Fri Jan 23 01:12:20 UTC 2015


Thanks for the review, Xuelei.  I'll make that change and run it through the tests.

--Jamil


-------- Original message --------
From: Xuelei Fan <xuelei.fan at oracle.com> 
Date: 01/22/2015  4:26 PM  (GMT-08:00) 
To: security-dev at openjdk.java.net 
Subject: Re: RFR 8044860: Vectors and fixed length fields should be verified
 	for allowed sizes 

I may use SSLProtocolException if the size of session ID is bigger than
32.  Otherwise, looks fine to me.

Xuelei

On 1/23/2015 2:35 AM, Jamil Nimeh wrote:
> Hi all,
> 
> This review is to provide length checks on the session ID for SSL/TLS
> connections.  It appears to be the only vector/array that needs
> additional length-checks to make sure it's not exceeding 32 bytes.
> 
> Bug: https://bugs.openjdk.java.net/browse/JDK-8044860
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8044860/webrev.01
> 
> Thanks,
> --Jamil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20150122/a43896a2/attachment-0001.html>


More information about the security-dev mailing list