RFR: 8264948: Check for TLS extensions total length
Jamil Nimeh
jnimeh at openjdk.java.net
Fri Apr 9 05:58:18 UTC 2021
On Fri, 9 Apr 2021 04:55:14 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> To improve the readability, it would be nice to check the TLS extensions total length while parsing.
>
> No new regression test, trial update.
src/java.base/share/classes/sun/security/ssl/SSLExtensions.java line 68:
> 66: Alert.ILLEGAL_PARAMETER,
> 67: "Insufficient extensions data");
> 68: }
For both of these blocks the checks themselves look OK, but illegal_parameter I thought was more for cases where a field value is out of range or inconsistent with already negotiated parameters. I would think that decode_error would be more appropriate to cases like this where the encoding is structurally incorrect and the length doesn't match the actual data size.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3405
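An added example, not part of this message or of the OpenJDK code under review: a stand-alone parser for a TLS extensions block that checks the total length while parsing and reports a structural length mismatch as decode_error, the alert suggested in the comment above. The class, method and exception names are hypothetical and the sample byte arrays are constructed.

```java
import java.nio.ByteBuffer;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical illustration; this is not sun.security.ssl.SSLExtensions.
public class ExtensionsLengthCheck {
    static final int DECODE_ERROR = 50;   // TLS alert description code (RFC 8446)
    static class TlsAlert extends Exception {
        final int description;
        TlsAlert(int d, String msg) { super(msg); description = d; }
    }
    // Layout: uint16 total_length; then { uint16 type; uint16 len; opaque data[len]; }*
    static Map<Integer, byte[]> parse(ByteBuffer m) throws TlsAlert {
        if (m.remaining() < 2) {
            throw new TlsAlert(DECODE_ERROR, "Missing extensions length");
        }
        int total = m.getShort() & 0xFFFF;
        if (total > m.remaining()) {      // declared length exceeds the bytes present
            throw new TlsAlert(DECODE_ERROR, "Insufficient extensions data");
        }
        Map<Integer, byte[]> exts = new LinkedHashMap<>();
        while (total > 0) {
            if (total < 4) {              // no room left for a type + length header
                throw new TlsAlert(DECODE_ERROR, "Truncated extension header");
            }
            int type = m.getShort() & 0xFFFF;
            int len = m.getShort() & 0xFFFF;
            total -= 4;
            if (len > total) {            // extension body runs past the block
                throw new TlsAlert(DECODE_ERROR, "Extension overruns extensions block");
            }
            byte[] data = new byte[len];
            m.get(data);
            exts.put(type, data);
            total -= len;
        }
        return exts;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: total = 6, one extension (type 0x000a, 2 data bytes)
        byte[] ok = {0, 6, 0, 0x0a, 0, 2, 0, 0x1d};
        System.out.println(parse(ByteBuffer.wrap(ok)).keySet());
        // Constructed sample: total claims 9 bytes, only 6 follow
        byte[] bad = {0, 9, 0, 0x0a, 0, 2, 0, 0x1d};
        try {
            parse(ByteBuffer.wrap(bad));
        } catch (TlsAlert e) {
            System.out.println("alert " + e.description + ": " + e.getMessage());
        }
    }
}
```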