Mercurial > hg > release > icedtea7-forest-2.6 > jdk

changeset 9998:7345953eea82

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8245417: Improve certificate chain handling Reviewed-by: bae, yan
author abakhtin
date Wed, 23 Sep 2020 13:38:26 +0300
parents 9023dd3e87df
children c032da475287
files src/share/classes/sun/security/ssl/HandshakeMessage.java src/share/classes/sun/security/ssl/Handshaker.java
diffstat 2 files changed, 28 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/HandshakeMessage.java	Wed Jun 17 08:48:03 2020 +0000
+++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java	Wed Sep 23 13:38:26 2020 +0300
@@ -45,6 +45,7 @@
 
 import javax.net.ssl.*;
 
+import sun.security.action.GetIntegerAction;
 import sun.security.internal.spec.TlsPrfParameterSpec;
 import sun.security.ssl.CipherSuite.*;
 import static sun.security.ssl.CipherSuite.PRF.*;
@@ -433,6 +434,10 @@
 
     private int messageLength;
 
+    // Set the max certificate chain length to 10
+    static final int maxCertificateChainLength = AccessController.doPrivileged(
+            new GetIntegerAction("jdk.tls.maxCertificateChainLength", 10)).intValue();
+
     CertificateMsg(X509Certificate[] certs) {
         chain = certs;
     }
@@ -450,6 +455,15 @@
                     cf = CertificateFactory.getInstance("X.509");
                 }
                 v.add(cf.generateCertificate(new ByteArrayInputStream(cert)));
+
+                if (v.size() > maxCertificateChainLength) {
+                    throw new SSLProtocolException(
+                            "The certificate chain length ("
+                                    + v.size()
+                                    + ") exceeds the maximum allowed length ("
+                                    + maxCertificateChainLength
+                                    + ")");
+                }
             } catch (CertificateException e) {
                 throw (SSLProtocolException)new SSLProtocolException(
                     e.getMessage()).initCause(e);
--- a/src/share/classes/sun/security/ssl/Handshaker.java	Wed Jun 17 08:48:03 2020 +0000
+++ b/src/share/classes/sun/security/ssl/Handshaker.java	Wed Sep 23 13:38:26 2020 +0300
@@ -36,6 +36,7 @@
 import javax.net.ssl.*;
 import sun.misc.HexDumpEncoder;
 
+import sun.security.action.GetIntegerAction;
 import sun.security.internal.spec.*;
 import sun.security.internal.interfaces.TlsMasterSecret;
 
@@ -186,6 +187,10 @@
     static final boolean allowLegacyMasterSecret =
             Debug.getBooleanProperty("jdk.tls.allowLegacyMasterSecret", true);
 
+    // Set the max size limit for Handshake Message to 2^15
+    static final int maxHandshakeMessageSize = AccessController.doPrivileged(
+            new GetIntegerAction("jdk.tls.maxHandshakeMessageSize", 32768)).intValue();
+
     // Is it requested to use extended master secret extension?
     boolean requestedToUseEMS = false;
 
@@ -936,6 +941,15 @@
             messageType = (byte)input.getInt8();
             messageLen = input.getInt24();
 
+            if (messageLen > maxHandshakeMessageSize) {
+                throw new SSLProtocolException(
+                        "The size of the handshake message ("
+                        + messageLen
+                        + ") exceeds the maximum allowed size ("
+                        + maxHandshakeMessageSize
+                        + ")");
+            }
+
             if (input.available() < messageLen) {
                 input.reset();
                 return;