Mercurial > hg > openjdk > jdk8u > jdk
changeset 14453:79198fff6d1d
8228757: Fail fast if the handshake type is unknown
Reviewed-by: jnimeh, sgehwolf
author | xuelei |
---|---|
date | Mon, 19 Aug 2019 12:56:48 -0700 |
parents | 7b979289680f |
children | ba0e36b4275f |
files | src/share/classes/sun/security/ssl/SSLEngineInputRecord.java src/share/classes/sun/security/ssl/SSLHandshake.java src/share/classes/sun/security/ssl/SSLSocketInputRecord.java |
diffstat | 3 files changed, 26 insertions(+), 2 deletions(-) [+] |
--- a/src/share/classes/sun/security/ssl/SSLEngineInputRecord.java Mon Mar 08 16:38:21 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLEngineInputRecord.java Mon Aug 19 12:56:48 2019 -0700
@@ -287,8 +287,15 @@
 }

 handshakeFrag.mark();
- // skip the first byte: handshake type
+
+ // Fail fast for unknown handshake message.
 byte handshakeType = handshakeFrag.get();
+ if (!SSLHandshake.isKnown(handshakeType)) {
+ throw new SSLProtocolException(
+ "Unknown handshake type size, Handshake.msg_type = " +
+ (handshakeType & 0xFF));
+ }
+
 int handshakeBodyLen = Record.getInt24(handshakeFrag);
 if (handshakeBodyLen > SSLConfiguration.maxHandshakeMessageSize) {
 throw new SSLProtocolException(
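Review bot: The new exception text reads "Unknown handshake type size", which looks carried over from the length check that follows and will mislead anyone triaging the failure from logs; `"Unknown handshake type, Handshake.msg_type = " +` says what was actually rejected. The same string is repeated in the SSLSocketInputRecord.java hunk. The comment `// Fail fast for unknown handshake message.` could also say why the check sits ahead of `Record.getInt24(handshakeFrag)`: presumably so that a message of an unrecognised type is rejected before anything is buffered for it up to `SSLConfiguration.maxHandshakeMessageSize`. The enclosing method starts and ends outside the hunk.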
--- a/src/share/classes/sun/security/ssl/SSLHandshake.java Mon Mar 08 16:38:21 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLHandshake.java Mon Aug 19 12:56:48 2019 -0700
@@ -478,6 +478,16 @@
 return "UNKNOWN-HANDSHAKE-MESSAGE(" + id + ")";
 }

+ static boolean isKnown(byte id) {
+ for (SSLHandshake hs : SSLHandshake.values()) {
+ if (hs.id == id && id != NOT_APPLICABLE.id) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
 static final void kickstart(HandshakeContext context) throws IOException {
 if (context instanceof ClientHandshakeContext) {
 // For initial handshaking, including session resumption,
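Review bot: `isKnown` carries no comment stating how little it establishes: it accepts any id held by an `SSLHandshake` constant other than `NOT_APPLICABLE`, with no regard to the negotiated protocol version or the current handshake state, so it is a pre-filter only and whatever per-state checks the handshaker performs remain the real gate. A one-line Javadoc such as `/** Returns true if id matches a defined handshake type; does not check that the type is valid for the current protocol version or state. */` would keep callers from treating it as validation. The `id != NOT_APPLICABLE.id` test is loop-invariant and `SSLHandshake.values()` copies the enum array on every call, which the two input-record hunks now make once per incoming handshake message; `if (id == NOT_APPLICABLE.id) { return false; }` ahead of the loop reads more clearly.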
--- a/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java Mon Mar 08 16:38:21 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java Mon Aug 19 12:56:48 2019 -0700
@@ -302,8 +302,15 @@
 }

 handshakeFrag.mark();
- // skip the first byte: handshake type
+
+ // Fail fast for unknown handshake message.
 byte handshakeType = handshakeFrag.get();
+ if (!SSLHandshake.isKnown(handshakeType)) {
+ throw new SSLProtocolException(
+ "Unknown handshake type size, Handshake.msg_type = " +
+ (handshakeType & 0xFF));
+ }
+
 int handshakeBodyLen = Record.getInt24(handshakeFrag);
 if (handshakeBodyLen > SSLConfiguration.maxHandshakeMessageSize) {
 throw new SSLProtocolException(