Commit 8a9e08eb (openanolis / dragonwell8_jdk)
Authored on March 19, 2015
Author: igerasim
8044860: Vectors and fixed length fields should be verified for allowed sizes.
Reviewed-by: xuelei
Parent: 0c9da838
Showing 3 changed files with 834 additions and 1 deletion
src/share/classes/sun/security/ssl/HandshakeMessage.java +3 -1
src/share/classes/sun/security/ssl/SessionId.java +17 -0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/LengthCheckTest.java +814 -0
src/share/classes/sun/security/ssl/HandshakeMessage.java
/*
* Copyright (c) 1996, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
5
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -243,6 +243,7 @@ static final class ClientHello extends HandshakeMessage {
protocolVersion
=
ProtocolVersion
.
valueOf
(
s
.
getInt8
(),
s
.
getInt8
());
clnt_random
=
new
RandomCookie
(
s
);
sessionId
=
new
SessionId
(
s
.
getBytes8
());
sessionId
.
checkLength
(
protocolVersion
);
cipherSuites
=
new
CipherSuiteList
(
s
);
compression_methods
=
s
.
getBytes8
();
if
(
messageLength
()
!=
messageLength
)
{
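Review bot: The commit title covers vectors and fixed length fields in general, but in the ClientHello parser only sessionId gains a check; compression_methods is still taken straight from s.getBytes8() with no bound applied in the lines shown. TLS defines that vector with a minimum of one entry, so an empty list could be rejected here in the same way, or the commit message could state that only the session ID is in scope.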
...
...
@@ -355,6 +356,7 @@ class ServerHello extends HandshakeMessage
input
.
getInt8
());
svr_random
=
new
RandomCookie
(
input
);
sessionId
=
new
SessionId
(
input
.
getBytes8
());
sessionId
.
checkLength
(
protocolVersion
);
cipherSuite
=
CipherSuite
.
valueOf
(
input
.
getInt8
(),
input
.
getInt8
());
compression_method
=
(
byte
)
input
.
getInt8
();
if
(
messageLength
()
!=
messageLength
)
{
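Review bot: The construct-then-validate pair in ServerHello, `sessionId = new SessionId(input.getBytes8());` followed by `sessionId.checkLength(protocolVersion);`, repeats the one added to ClientHello, so every future parse site has to remember the second call. Consider doing the length check inside the SessionId constructor, or in a static factory that also takes the ProtocolVersion, so that an over-long ID can never exist as an object.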
...
...
src/share/classes/sun/security/ssl/SessionId.java
...
...
@@ -27,6 +27,7 @@
package
sun.security.ssl
;
import
java.security.SecureRandom
;
import
javax.net.ssl.SSLProtocolException
;
/**
* Encapsulates an SSL session ID. SSL Session IDs are not reused by
...
...
@@ -41,6 +42,7 @@ import java.security.SecureRandom;
final
class
SessionId
{
static
int
MAX_LENGTH
=
32
;
private
byte
sessionId
[];
// max 32 bytes
/** Constructs a new session ID ... perhaps for a rejoinable session */
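Review bot: MAX_LENGTH is declared as `static int`, which leaves the bound that checkLength enforces writable by any class in sun.security.ssl. Declare it `static final int MAX_LENGTH = 32;` (and private if nothing outside SessionId reads it) so the limit is a true constant.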
...
...
@@ -114,4 +116,19 @@ class SessionId
}
return
true
;
}
/**
* Checks the length of the session ID to make sure it sits within
* the range called out in the specification
*/
void
checkLength
(
ProtocolVersion
pv
)
throws
SSLProtocolException
{
// As of today all versions of TLS have a 32-byte maximum length.
// In the future we can do more here to support protocol versions
// that may have longer max lengths.
if
(
sessionId
.
length
>
MAX_LENGTH
)
{
throw
new
SSLProtocolException
(
"Invalid session ID length ("
+
sessionId
.
length
+
" bytes)"
);
}
}
}
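Review bot: The pv parameter of checkLength is never read in the body, and the Javadoc mentions neither it nor the SSLProtocolException that is thrown. Either drop the parameter until a version-specific limit exists, or add @param and @throws tags saying it is reserved for protocol versions with a different maximum; the inline comment explains the intent, but callers only see the Javadoc.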
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/LengthCheckTest.java
0 → 100644
This diff is collapsed.