RFR JDK-8214129: SSL session resumption/SNI with TLS1.2 causes StackOverflowError

Xue-Lei Fan xuelei.fan at oracle.com
Thu Dec 6 22:00:31 UTC 2018


Looks fine to me.

Thanks,
Xuelei

On 12/6/2018 1:09 PM, Jamil Nimeh wrote:
> Hello everyone,
> 
> Updates from Xuelei's comments have been folded into an updated webrev:
> 
> http://cr.openjdk.java.net/~jnimeh/reviews/8214129/webrev.02/
> 
> Thank you,
> 
> --Jamil
> 
> On 12/5/18 3:59 PM, Jamil Nimeh wrote:
>> Hello all,
>>
>> This fix covers an issue where large numbers of TLS 1.2 session 
>> resumptions were causing a StackOverflowError to occur.  This was 
>> happening because the SSLSessionImpl constructor creates a new 
>> unmodifiableList from the SNI list attached to the HandshakeContext. 
>> Since that is also an unmodifiableList, you get a new level of nesting 
>> of lists with each successive instantiation of SSLSessionImpl. 
>> Eventually it grows to the point that an iteration of the list causes 
>> a stack overflow.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8214129
>>
>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8214129/webrev.01/
>>
>> Thanks,
>>
>> --Jamil
>>
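The nesting described in the quoted message, reproduced as an added example (not code from the JDK or from the webrev): `ReadOnlyView` is a hypothetical stand-in for the unmodifiable wrapper, and the method names, sample server name and resumption count are assumptions. Copying before wrapping is shown as one way to keep the list flat, not necessarily the change made in the webrev.

```java
import java.util.AbstractList;
import java.util.ArrayList;
import java.util.List;

public class NestedViewDemo {
    // Hypothetical stand-in for a read-only wrapper: every call delegates to the wrapped list.
    static final class ReadOnlyView<T> extends AbstractList<T> {
        private final List<T> inner;
        ReadOnlyView(List<T> inner) { this.inner = inner; }
        @Override public T get(int i) { return inner.get(i); }
        @Override public int size() { return inner.size(); }
    }

    // Nesting pattern: each new "session" wraps the list taken from the previous one.
    static List<String> resumeWrapping(List<String> names, int resumptions) {
        List<String> current = new ReadOnlyView<>(names);
        for (int i = 0; i < resumptions; i++) {
            current = new ReadOnlyView<>(current);   // one more delegation level
        }
        return current;
    }

    // Flat pattern: copy the elements first, so the view is always one level deep.
    static List<String> resumeCopying(List<String> names, int resumptions) {
        List<String> current = new ReadOnlyView<>(new ArrayList<>(names));
        for (int i = 0; i < resumptions; i++) {
            current = new ReadOnlyView<>(new ArrayList<>(current));
        }
        return current;
    }

    // Iterating calls size()/get() through every wrapper level, one stack frame per level.
    static String iterate(List<String> list) {
        try {
            int n = 0;
            for (String s : list) { n += s.length(); }
            return "ok, " + n + " chars";
        } catch (StackOverflowError e) {
            return "StackOverflowError";
        }
    }

    public static void main(String[] args) {
        List<String> sni = List.of("example.test");   // constructed sample server name
        int resumptions = 1_000_000;                  // assumed count, large enough to exhaust the stack
        System.out.println("wrapping: " + iterate(resumeWrapping(sni, resumptions)));
        System.out.println("copying:  " + iterate(resumeCopying(sni, resumptions)));
    }
}
```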

