[15] RFR JDK-8215712,,Parsing extension failure may alert decode_error
Xuelei Fan
xuelei.fan at oracle.com
Sun Mar 22 01:35:10 UTC 2020
Hi,
Could I get the following update reviewed?
http://cr.openjdk.java.net/~xuelei/8215712/webrev.00/
While parsing the extensions, the alter used in the implementation may
no comply to the specification. With this fix, an improvement is made
by passing the HandshakeContext to the constructor of SSLExtensionSpec
implementations. For example:
- private AlpnSpec(ByteBuffer buffer) throws IOException {
+ private AlpnSpec(HandshakeContext context, ByteBuffer buffer) throws
IOException {
And then the 'context.fatal()' could be used for the specific alert.
John, thanks for the testing with fuzzing! No new regression test
added, and I added a noreg-external tag in JBS.
Thanks,
Xuelei
More information about the security-dev
mailing list