JDK-8042449 : Issue for negative byte major record version
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7-pool,8-pool,9
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-05-06
  • Updated: 2014-11-21
  • Resolved: 2014-05-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u20Fixed 9 b13Fixed
Description
The current implementation cannot catch the bad record version if the major version byte is negative.
Comments
Code look good, the affected regression test pass in result: http://aurora.ru.oracle.com/functional/faces/RunDetails.xhtml?names=632205.CORELIBS-JDK-NIGHTLY-JTREG-16
21-11-2014
Are you planning to backport to 7/8?
06-05-2014
Code review thread in OpenJDK: http://mail.openjdk.java.net/pipermail/security-dev/2014-May/010452.html --------------------------------------------------------------------------------------------------------- Hi, Please review this simple but interesting fix: http://cr.openjdk.java.net/~xuelei/8042449/webrev.00/ During the checking of invalid record version, a byte to byte comparing is coded as: if (... recordVersion.major > ProtocolVersion.MAX.major) { throw new SSLException } "recordVersion.major" and "ProtocolVersion.MAX.major" is byte type, which is signed. If the major version is "0xa9", recordVersion.major is a negative value (-87). If ProtocolVersion.MAX.major is positive, the checking above does not work any more. This fix converts the version number to positive value before make the comparing. Thanks, Xuelei
06-05-2014