RFR [13] JDK-8219389: Delegated task created by SSLEngine throws BufferUnderflowException
Anthony Scarpino
anthony.scarpino at oracle.com
Wed Feb 20 06:06:14 UTC 2019
On 2/19/19 9:38 PM, Xuelei Fan wrote:
> Hi Tony or Jamil,
>
> Would you please review the following update:
> http://cr.openjdk.java.net/~xuelei/8219389/webrev.00/
>
> BufferUnderflowException might be thrown if the record format does not
> conform to the formal protocol syntax. The original bug was reported for
> the ClientHello handshake message, and was fixed in JDK-8215790. I made
> an enhancement so that more handshake messages buffer operating
> RuntimeException could be handled properly.
>
> Thanks,
> Xuelei

I'm not saying your approach is incorrect, but I have to wonder if this
is too generic. Are you trying to catch situations other than
RandomCookie throwing an exception? RandomCookie is only in ClientHello
and ServerHello, so PostHandshakeContext doesn't look necessary.

If we need a generic catch all consumed extensions, why not just have it
catch "Exception" and run fatal? This could eliminate many of the
current fatal calls in the code and centralize the SSLException messages
in these two files. Assuming I understand the idea around this change
correctly.

Tony
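
The failure mode under discussion, as an added example that is not code from the webrev, the JDK, or either participant: a handshake body shorter than its syntax requires makes `ByteBuffer` throw an unchecked `BufferUnderflowException`, and a single dispatch point converts it to a protocol error. The class and method names (`HandshakeParseDemo`, `readRandom`, `dispatch`), the error message, and the sample buffers are assumptions constructed for illustration.

```java
import java.nio.BufferOverflowException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import javax.net.ssl.SSLProtocolException;

public class HandshakeParseDemo {
    // Hypothetical consumer: reads the 2-byte version and the 32-byte random
    // that open a ClientHello body. ByteBuffer.get(byte[]) throws the
    // unchecked BufferUnderflowException if fewer bytes remain.
    static byte[] readRandom(ByteBuffer body) {
        body.getShort();                  // version field
        byte[] random = new byte[32];
        body.get(random);                 // underflows on a truncated body
        return random;
    }

    // Hypothetical central dispatch point: buffer exceptions raised while
    // consuming a message become a checked protocol error instead of
    // escaping from the delegated task as a RuntimeException.
    static byte[] dispatch(ByteBuffer body) throws SSLProtocolException {
        try {
            return readRandom(body);
        } catch (BufferUnderflowException | BufferOverflowException e) {
            SSLProtocolException spe = new SSLProtocolException(
                    "Illegal handshake message: insufficient data");
            spe.initCause(e);             // keep the original failure for diagnostics
            throw spe;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: 34 zero bytes, long enough for version + random.
        ByteBuffer wellFormed = ByteBuffer.allocate(34);
        System.out.println("parsed " + dispatch(wellFormed).length + " random bytes");

        // Constructed input: body truncated to 10 bytes.
        ByteBuffer truncated = ByteBuffer.allocate(10);
        try {
            dispatch(truncated);
        } catch (SSLProtocolException e) {
            System.out.println("rejected: " + e.getMessage()
                    + " (cause: " + e.getCause().getClass().getSimpleName() + ")");
        }
    }
}
```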