RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v9]
Daniel Jeliński
djelinski at openjdk.org
Fri Sep 27 19:33:35 UTC 2024
On Fri, 27 Sep 2024 19:19:56 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 144:
>>
>>> 142: }
>>> 143:
>>> 144: plaintexts = new Plaintext[]{
>>
>> do we need to advance the position of the input buffer here?
>
> You mean the `packet` buffer? No, it has 2 bytes remaining as it should.
I was referring to `srcs[srcOffset]`; `packet` is a duplicate, so the position is independent from the original.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1779068272
More information about the security-dev
mailing list