[15] RFR JDK-8215712,,Parsing extension failure may alert decode_error
Jamil Nimeh
jamil.j.nimeh at oracle.com
Sun Mar 22 16:06:57 UTC 2020
Looks good to me.
--Jamil
On 3/21/2020 6:35 PM, Xuelei Fan wrote:
> Hi,
>
> Could I get the following update reviewed?
> http://cr.openjdk.java.net/~xuelei/8215712/webrev.00/
>
> While parsing the extensions, the alter used in the implementation may
> no comply to the specification. With this fix, an improvement is made
> by passing the HandshakeContext to the constructor of SSLExtensionSpec
> implementations. For example:
> - private AlpnSpec(ByteBuffer buffer) throws IOException {
> + private AlpnSpec(HandshakeContext context, ByteBuffer buffer) throws
> IOException {
>
> And then the 'context.fatal()' could be used for the specific alert.
>
> John, thanks for the testing with fuzzing! No new regression test
> added, and I added a noreg-external tag in JBS.
>
> Thanks,
> Xuelei
More information about the security-dev
mailing list