RFR: 8334670: SSLSocketOutputRecord buffer miscalculation
Daniel Jeliński
djelinski at openjdk.org
Tue Jun 25 08:17:14 UTC 2024
On Mon, 24 Jun 2024 15:57:57 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
> Hi,
>
> I need a review to change the a fragment buffer size miscalculation error. This appears when there are large handshake messages and hasn't been observed during application data. This was found during testing of the NewSessionTicket change in [JDK-8328608](https://bugs.openjdk.org/browse/JDK-8328608). There is no regression test as the failure hasn't shown to fail every time.
>
> thanks
>
> Tony
Actually, I think this line needs to be changed too.
src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java line 171:
> 169: for (int limit = (offset + length); offset < limit;) {
> 170:
> 171: int remains = (limit - offset) + (count - position);
Suggestion:
int remains = (limit - offset);
-------------
Changes requested by djelinski (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/19862#pullrequestreview-2137826139
PR Review Comment: https://git.openjdk.org/jdk/pull/19862#discussion_r1652218588
More information about the security-dev
mailing list