Code Review Request, JDK-8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
Xue-Lei Fan
xuelei.fan at oracle.com
Fri Dec 14 21:16:13 UTC 2018
On 12/14/2018 12:26 PM, Anthony Scarpino wrote:
> Other than my nit about the “make the compiler happy”, this all looks fine.
>
It makes sense to me. I will remove the comment while pushing.
> For KeyUpdate, shouldn’t it never be null given the suite and protocol are already known good? I have not problem with the check to be cautious even if it should never happen.
>
Right, it should never be null in some cases. I added them is in case I
missed some scenarios I'm not aware of. I would like to keep them for safe.
Thanks for the review.
Xuelei
> Tony
>
>> On Dec 14, 2018, at 9:00 AM, Xue-Lei Fan <xuelei.fan at oracle.com> wrote:
>>
>> Hi,
>>
>> Could I have the fix reviewed?
>> http://cr.openjdk.java.net/~xuelei/8213782/webrev.00/
>>
>> The SSLCipher.createReadCipher() and createWriteCipher() could return null if the cipher is not supported or the cipher is not available for a certain protocol version. The caller should check the null value, and send back a "illegal_parameter" alert for such cases.
>>
>> I did not add new regression test. The update is straightforward, while constructing an illegal handshake message for such cases is complicated.
>>
>> Thanks,
>> Xuelei
>
More information about the security-dev
mailing list