RFR [13] JDK-8219389: Delegated task created by SSLEngine throws BufferUnderflowException

Anthony Scarpino anthony.scarpino at oracle.com
Wed Feb 20 06:06:14 UTC 2019


On 2/19/19 9:38 PM, Xuelei Fan wrote:
> Hi Tony or Jamil,
> 
> Would you please review the following update:
>     http://cr.openjdk.java.net/~xuelei/8219389/webrev.00/
> 
> BufferUnderflowException might be thrown if the record format does not 
> confirm to the formal protocol syntax. The original bug was reported for 
> the ClientHello handshake message, and was fixed in JDK-8215790.  I made 
> an enhancement so that more handshake messages buffer operating 
> RuntimeException could be handled properly.
> 
> Thanks,
> Xuelei

I'm not saying your approach is incorrect, but I have to wonder if this 
is too generic.  Are you trying to catch situations other than 
RandomCookie throwing an exception?  RandomCookie is only in ClientHello 
and ServerHello, so PostHandshakeContext doesn't look necessary.

If we need a generic catch all consumed extensions, why not just have it 
catch "Exception" and run fatal.  This could eliminate many of the 
current fatal calls in the code and centralize the SSLException messages 
in these two files.  Assuming I understand the idea around this change 
correctly.

Tony


More information about the security-dev mailing list