Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9998:7345953eea82
8245417: Improve certificate chain handling
Reviewed-by: bae, yan
author | abakhtin |
---|---|
date | Wed, 23 Sep 2020 13:38:26 +0300 |
parents | 9023dd3e87df |
children | c032da475287 |
files | src/share/classes/sun/security/ssl/HandshakeMessage.java src/share/classes/sun/security/ssl/Handshaker.java |
diffstat | 2 files changed, 28 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/HandshakeMessage.java Wed Jun 17 08:48:03 2020 +0000 +++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java Wed Sep 23 13:38:26 2020 +0300 @@ -45,6 +45,7 @@ import javax.net.ssl.*; +import sun.security.action.GetIntegerAction; import sun.security.internal.spec.TlsPrfParameterSpec; import sun.security.ssl.CipherSuite.*; import static sun.security.ssl.CipherSuite.PRF.*; @@ -433,6 +434,10 @@ private int messageLength; + // Set the max certificate chain length to 10 + static final int maxCertificateChainLength = AccessController.doPrivileged( + new GetIntegerAction("jdk.tls.maxCertificateChainLength", 10)).intValue(); + CertificateMsg(X509Certificate[] certs) { chain = certs; } @@ -450,6 +455,15 @@ cf = CertificateFactory.getInstance("X.509"); } v.add(cf.generateCertificate(new ByteArrayInputStream(cert))); + + if (v.size() > maxCertificateChainLength) { + throw new SSLProtocolException( + "The certificate chain length (" + + v.size() + + ") exceeds the maximum allowed length (" + + maxCertificateChainLength + + ")"); + } } catch (CertificateException e) { throw (SSLProtocolException)new SSLProtocolException( e.getMessage()).initCause(e);
--- a/src/share/classes/sun/security/ssl/Handshaker.java Wed Jun 17 08:48:03 2020 +0000 +++ b/src/share/classes/sun/security/ssl/Handshaker.java Wed Sep 23 13:38:26 2020 +0300 @@ -36,6 +36,7 @@ import javax.net.ssl.*; import sun.misc.HexDumpEncoder; +import sun.security.action.GetIntegerAction; import sun.security.internal.spec.*; import sun.security.internal.interfaces.TlsMasterSecret; @@ -186,6 +187,10 @@ static final boolean allowLegacyMasterSecret = Debug.getBooleanProperty("jdk.tls.allowLegacyMasterSecret", true); + // Set the max size limit for Handshake Message to 2^15 + static final int maxHandshakeMessageSize = AccessController.doPrivileged( + new GetIntegerAction("jdk.tls.maxHandshakeMessageSize", 32768)).intValue(); + // Is it requested to use extended master secret extension? boolean requestedToUseEMS = false; @@ -936,6 +941,15 @@ messageType = (byte)input.getInt8(); messageLen = input.getInt24(); + if (messageLen > maxHandshakeMessageSize) { + throw new SSLProtocolException( + "The size of the handshake message (" + + messageLen + + ") exceeds the maximum allowed size (" + + maxHandshakeMessageSize + + ")"); + } + if (input.available() < messageLen) { input.reset(); return;