[15] RFR JDK-8215712, Parsing extension failure may alert decode_error

Jamil Nimeh jamil.j.nimeh at oracle.com
Sun Mar 22 16:06:57 UTC 2020


Looks good to me.

--Jamil

On 3/21/2020 6:35 PM, Xuelei Fan wrote:
> Hi,
>
> Could I get the following update reviewed?
>     http://cr.openjdk.java.net/~xuelei/8215712/webrev.00/
>
> While parsing the extensions, the alert used in the implementation may 
> not comply with the specification.  With this fix, an improvement is made 
> by passing the HandshakeContext to the constructor of SSLExtensionSpec 
> implementations. For example:
> - private AlpnSpec(ByteBuffer buffer) throws IOException {
> + private AlpnSpec(HandshakeContext context, ByteBuffer buffer) throws 
> IOException {
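Review bot: on the `+` line the constructor gains `HandshakeContext context` but still declares `throws IOException`, so a parse failure that throws a plain IOException instead of going through `context.fatal()` could still surface without the specific alert. Suggest confirming that every malformed-input path inside the constructor is raised via `context.fatal()` with the alert the specification requires, and adding a short comment on the constructor stating which alert is used.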
>
> And then the 'context.fatal()' could be used for the specific alert.
>
> John, thanks for the testing with fuzzing!  No new regression test 
> added, and I added a noreg-external tag in JBS.
>
> Thanks,
> Xuelei
