JDK-8267860 : Off-by-one bug when searching arrays in AlpnGreaseTest
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11,16,18
  • Priority: P5
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2021-05-27
  • Updated: 2023-09-29
  • Resolved: 2022-06-13
JDK 11: 11.0.21-oracle (Fixed)
JDK 17: 17.0.9-oracle (Fixed)
JDK 20: 20 b02 (Fixed)
Description
It was noted during the backport of JDK-8254631 to 8u [1] that the original fix has an off-by-one error while comparing the 2 arrays in the test [2]. This means that there could be, in theory, a grease array in the client hello not detected. This case is not realistic given the client hello structure, but we should fix it anyways.

--
[1] - https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-May/013911.html
[2] - https://github.com/openjdk/jdk/blob/fe5cccc1ec76a5c29b1f55af311823f84483395b/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java#L86
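
The failure mode described above, as an added Java example (not code from AlpnGreaseTest or the OpenJDK project): the same sliding-window search with the original and the corrected loop bound, run over constructed byte arrays. The needle value, the filler bytes and every name in it are assumptions made for illustration.

```java
import java.util.Arrays;

public class GreaseSearchBound {
    // Constructed stand-in for the test's greaseBytes; the real value is not shown on this page.
    static final byte[] NEEDLE = {(byte) 0x8A, (byte) 0x8A, 0x01, 0x02};

    // First offset of needle in haystack, or -1 if absent.
    // fixedBound=false uses the original loop limit, true the corrected one.
    static int indexOf(byte[] haystack, byte[] needle, boolean fixedBound) {
        int lastStart = haystack.length - needle.length; // last offset where needle still fits
        int limit = fixedBound ? lastStart + 1 : lastStart;
        for (int i = 0; i < limit; i++) {
            if (Arrays.equals(haystack, i, i + needle.length, needle, 0, needle.length)) {
                return i;
            }
        }
        return -1;
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    static void expect(String label, int actual, int expected) {
        if (actual != expected) {
            throw new AssertionError(label + ": got " + actual + ", expected " + expected);
        }
        System.out.println(label + " -> " + actual);
    }

    public static void main(String[] args) {
        byte[] filler = {0x16, 0x03, 0x03, 0x00, 0x10};       // constructed, not a real ClientHello
        byte[] atTail = concat(filler, NEEDLE);                 // needle is the final 4 bytes
        byte[] beforeTail = concat(atTail, new byte[] {0x00});  // one byte follows the needle
        byte[] tooShort = {(byte) 0x8A};                        // shorter than the needle

        expect("original bound, needle at tail", indexOf(atTail, NEEDLE, false), -1);
        expect("fixed bound, needle at tail", indexOf(atTail, NEEDLE, true), filler.length);
        expect("original bound, needle before tail", indexOf(beforeTail, NEEDLE, false), filler.length);
        expect("fixed bound, buffer equals needle", indexOf(NEEDLE, NEEDLE, true), 0);
        expect("fixed bound, buffer too short", indexOf(tooShort, NEEDLE, true), -1);
    }
}
```

The original bound only misses a match that ends exactly at the last byte of the buffer; any match followed by at least one more byte is found by both versions.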
Comments
[jdk11u-fix-request] Approval Request from Amos Backport
28-09-2023

A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2144 Date: 2023-09-23 08:44:59 +0000
28-09-2023

A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1644 Date: 2023-08-07 20:18:17 +0000
07-08-2023

Fix Request (17u): Should get backported for parity with 17.0.9-oracle. Applies cleanly. Test has passed.
07-08-2023

[~sgehwolf] Apologies for not thinking to have Kevin include you as the "Contributed-by". I forgot that you gave details in that linked email. Thank you.
13-06-2022

Changeset: 2adef6a1 Author: Kevin Driver <largeprimes@proton.me> Committer: Bradford Wetmore <wetmore@openjdk.org> Date: 2022-06-13 14:38:36 +0000 URL: https://git.openjdk.org/jdk/commit/2adef6a1f84d478bb38b179795f08ffa43680e36
13-06-2022

[~wetmore] Thanks for the info.
13-06-2022

A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/9131 Date: 2022-06-10 17:12:30 +0000
11-06-2022

I agree with the proposed change above and have created a PR: https://github.com/openjdk/jdk/pull/9131
10-06-2022

[~sgehwolf] Yes, code is just about ready for review.
10-06-2022

[~wetmore] Is anybody working on this? If not, somebody from our team would like to take it.
08-06-2022

I've recommended this as a starter bug for a new employee.
07-06-2022

Original author: Discussion is correct. Test is off by one. Submitter can fix in JDK, or I can try to get to it. Labeling as a starter-bug in case someone new wants to learn the process. diff --git a/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java b/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java index d3c656043a2..75927eab47d 100644 --- a/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java +++ b/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java @@ -83,7 +83,7 @@ public class AlpnGreaseTest implements SSLContextTemplate { new String(greaseBytes, StandardCharsets.ISO_8859_1); private static void findGreaseInClientHello(byte[] bytes) throws Exception { - for (int i = 0; i < bytes.length - greaseBytes.length; i++) { + for (int i = 0; i < bytes.length - greaseBytes.length + 1; i++) { if (Arrays.equals(bytes, i, i + greaseBytes.length, greaseBytes, 0, greaseBytes.length)) { System.out.println("Found greaseBytes in ClientHello at: " + i);
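Review bot: In the changed for header of findGreaseInClientHello, the bound `i < bytes.length - greaseBytes.length + 1` would read more directly as `i <= bytes.length - greaseBytes.length`, which states outright that the last offset where greaseBytes still fits is included. A one-line comment above the loop saying that the final window is intentionally compared would help keep the off-by-one from being reintroduced in a later cleanup. The range arguments passed to Arrays.equals stay in bounds with either spelling, since the largest i gives i + greaseBytes.length == bytes.length, and when bytes is shorter than greaseBytes the bound is non-positive and the body never runs.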
02-06-2022