8044860: Vectors and fixed length fields should be verified for allowed sizes.

Reviewed-by: xuelei

8044860: Vectors and fixed length fields should be verified for allowed sizes.
Reviewed-by: xuelei
8a9e08eb · igerasim · 0c9da838 · 8a9e08eb · 8a9e08eb · 8a9e08eb
3 changed file
--- a/src/share/classes/sun/security/ssl/HandshakeMessage.java
+++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -243,6 +243,7 @@ static final class ClientHello extends HandshakeMessage {
        protocolVersion = ProtocolVersion.valueOf(s.getInt8(), s.getInt8());
        clnt_random = new RandomCookie(s);
        sessionId = new SessionId(s.getBytes8());
+        sessionId.checkLength(protocolVersion);
        cipherSuites = new CipherSuiteList(s);
        compression_methods = s.getBytes8();
        if (messageLength() != messageLength) {
@@ -355,6 +356,7 @@ class ServerHello extends HandshakeMessage
                                                  input.getInt8());
        svr_random = new RandomCookie(input);
        sessionId = new SessionId(input.getBytes8());
+        sessionId.checkLength(protocolVersion);
        cipherSuite = CipherSuite.valueOf(input.getInt8(), input.getInt8());
        compression_method = (byte)input.getInt8();
        if (messageLength() != messageLength) {

--- a/src/share/classes/sun/security/ssl/SessionId.java
+++ b/src/share/classes/sun/security/ssl/SessionId.java
@@ -27,6 +27,7 @@
 package sun.security.ssl;
 import java.security.SecureRandom;
+import javax.net.ssl.SSLProtocolException;
 /**
 * Encapsulates an SSL session ID.  SSL Session IDs are not reused by
@@ -41,6 +42,7 @@ import java.security.SecureRandom;
 final
 class SessionId
 {
+    static int MAX_LENGTH = 32;
    private byte sessionId [];          // max 32 bytes
    /** Constructs a new session ID ... perhaps for a rejoinable session */
@@ -114,4 +116,19 @@ class SessionId
        }
        return true;
    }
+    /**
+     * Checks the length of the session ID to make sure it sits within
+     * the range called out in the specification
+     */
+    void checkLength(ProtocolVersion pv) throws SSLProtocolException {
+        // As of today all versions of TLS have a 32-byte maximum length.
+        // In the future we can do more here to support protocol versions
+        // that may have longer max lengths.
+        if (sessionId.length > MAX_LENGTH) {
+            throw new SSLProtocolException("Invalid session ID length (" +
+                    sessionId.length + " bytes)");
+        }
+    }
 }
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/LengthCheckTest.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/LengthCheckTest.java