提交 8a9e08eb 编写于 作者: I igerasim

8044860: Vectors and fixed length fields should be verified for allowed sizes.

Reviewed-by: xuelei
上级 0c9da838
/* /*
* Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -243,6 +243,7 @@ static final class ClientHello extends HandshakeMessage { ...@@ -243,6 +243,7 @@ static final class ClientHello extends HandshakeMessage {
protocolVersion = ProtocolVersion.valueOf(s.getInt8(), s.getInt8()); protocolVersion = ProtocolVersion.valueOf(s.getInt8(), s.getInt8());
clnt_random = new RandomCookie(s); clnt_random = new RandomCookie(s);
sessionId = new SessionId(s.getBytes8()); sessionId = new SessionId(s.getBytes8());
sessionId.checkLength(protocolVersion);
cipherSuites = new CipherSuiteList(s); cipherSuites = new CipherSuiteList(s);
compression_methods = s.getBytes8(); compression_methods = s.getBytes8();
if (messageLength() != messageLength) { if (messageLength() != messageLength) {
...@@ -355,6 +356,7 @@ class ServerHello extends HandshakeMessage ...@@ -355,6 +356,7 @@ class ServerHello extends HandshakeMessage
input.getInt8()); input.getInt8());
svr_random = new RandomCookie(input); svr_random = new RandomCookie(input);
sessionId = new SessionId(input.getBytes8()); sessionId = new SessionId(input.getBytes8());
sessionId.checkLength(protocolVersion);
cipherSuite = CipherSuite.valueOf(input.getInt8(), input.getInt8()); cipherSuite = CipherSuite.valueOf(input.getInt8(), input.getInt8());
compression_method = (byte)input.getInt8(); compression_method = (byte)input.getInt8();
if (messageLength() != messageLength) { if (messageLength() != messageLength) {
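Review bot: The `compression_methods = s.getBytes8();` read in the ClientHello constructor still accepts any length, including zero, while the new `sessionId.checkLength(protocolVersion);` call bounds only the session ID. The TLS ClientHello defines that vector with at least one entry, so unless a check exists outside the hunk, a guard such as `if (compression_methods.length == 0) { throw new SSLProtocolException("Invalid compression methods length"); }` would match the commit's stated goal of verifying vector sizes. Both hello constructors start and end outside the visible hunks, so how the existing `messageLength()` comparison interacts with these fields cannot be confirmed from this page.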
......
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
package sun.security.ssl; package sun.security.ssl;
import java.security.SecureRandom; import java.security.SecureRandom;
import javax.net.ssl.SSLProtocolException;
/** /**
* Encapsulates an SSL session ID. SSL Session IDs are not reused by * Encapsulates an SSL session ID. SSL Session IDs are not reused by
...@@ -41,6 +42,7 @@ import java.security.SecureRandom; ...@@ -41,6 +42,7 @@ import java.security.SecureRandom;
final final
class SessionId class SessionId
{ {
static int MAX_LENGTH = 32;
private byte sessionId []; // max 32 bytes private byte sessionId []; // max 32 bytes
/** Constructs a new session ID ... perhaps for a rejoinable session */ /** Constructs a new session ID ... perhaps for a rejoinable session */
...@@ -114,4 +116,19 @@ class SessionId ...@@ -114,4 +116,19 @@ class SessionId
} }
return true; return true;
} }
/**
* Checks the length of the session ID to make sure it sits within
* the range called out in the specification
*/
void checkLength(ProtocolVersion pv) throws SSLProtocolException {
// As of today all versions of TLS have a 32-byte maximum length.
// In the future we can do more here to support protocol versions
// that may have longer max lengths.
if (sessionId.length > MAX_LENGTH) {
throw new SSLProtocolException("Invalid session ID length (" +
sessionId.length + " bytes)");
}
}
} }
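Review bot: `static int MAX_LENGTH = 32;` is neither `final` nor `private`, so any code in `sun.security.ssl` can reassign the bound that `checkLength` enforces; it should be declared `static final int MAX_LENGTH = 32;`. The check is also opt-in: judging by the call sites, the `SessionId(byte[])` constructor stores the array without validating it, so every path that builds a SessionId from wire bytes has to remember to call `checkLength`, and any such path not shown on this page should be confirmed. The `pv` parameter is unused for now, which the inline comment explains; adding `@param pv` and `@throws SSLProtocolException` to the Javadoc would make the contract explicit.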