JDK-8042449 : Issue for negative byte major record version
Type:Bug
Component:security-libs
Sub-Component:javax.net.ssl
Affected Version:7-pool,8-pool,9
Priority:P3
Status:Closed
Resolution:Fixed
Submitted:2014-05-06
Updated:2014-11-21
Resolved:2014-05-07
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
The current implementation cannot catch the bad record version if the major version byte is negative.
Comments
Code look good, the affected regression test pass in result:
http://aurora.ru.oracle.com/functional/faces/RunDetails.xhtml?names=632205.CORELIBS-JDK-NIGHTLY-JTREG-16
21-11-2014
Are you planning to backport to 7/8?
06-05-2014
Code review thread in OpenJDK:
http://mail.openjdk.java.net/pipermail/security-dev/2014-May/010452.html
---------------------------------------------------------------------------------------------------------
Hi,
Please review this simple but interesting fix:
http://cr.openjdk.java.net/~xuelei/8042449/webrev.00/
During the checking of invalid record version, a byte to byte comparing
is coded as:
if (...
recordVersion.major > ProtocolVersion.MAX.major) {
throw new SSLException
}
"recordVersion.major" and "ProtocolVersion.MAX.major" is byte type,
which is signed. If the major version is "0xa9", recordVersion.major is
a negative value (-87). If ProtocolVersion.MAX.major is positive, the
checking above does not work any more.
This fix converts the version number to positive value before make the
comparing.
Thanks,
Xuelei