[15] RFR JDK-8215712,,Parsing extension failure may alert decode_error

Xuelei Fan xuelei.fan at oracle.com
Sun Mar 22 01:35:10 UTC 2020


Hi,

Could I get the following update reviewed?
     http://cr.openjdk.java.net/~xuelei/8215712/webrev.00/

While parsing the extensions, the alter used in the implementation may 
no comply to the specification.  With this fix, an improvement is made 
by passing the HandshakeContext to the constructor of SSLExtensionSpec 
implementations. For example:
- private AlpnSpec(ByteBuffer buffer) throws IOException {
+ private AlpnSpec(HandshakeContext context, ByteBuffer buffer) throws 
IOException {

And then the 'context.fatal()' could be used for the specific alert.

John, thanks for the testing with fuzzing!  No new regression test 
added, and I added a noreg-external tag in JBS.

Thanks,
Xuelei


More information about the security-dev mailing list