Code review request, 7200295 CertificateRequest message is wrapping when using large numbers of Certs (original) (raw)

Xuelei Fan xuelei.fan at oracle.com
Tue Sep 25 02:01:56 UTC 2012

On 9/25/2012 9:23 AM, Brad Wetmore wrote:

Are there situations where we might overflow the int? Yes, it is possible for many integer add operations. As 2^32 is a lot bigger than 2^24 (the biggest number TLS protocol allows), I'm not worried too much about int32 overflow.

Integer overflow checking would make the code ugly. For example, normally, we do add operations as: int result = 1 + len + anotherLen;

if we want to check overflow, the code would look like: int result = 1; if (result > Integer.MAX_VALUE - len) { result += len; } else { // overflow }

// the same for anotherLen

I did not think it is necessary.

For example, in CertificateRequest.messageLength()

for (int i = 0; i < authorities.length; i++) { len += authorities[i].length(); } What if len overflows? Also, all of these field's callers are overflow-1? I'm not sure I get your point. In RFC5246, exception session ID, other variable length is one of 2^8-1, 2^16-1 or 2^24 -1.

Xuelei

Brad

On 9/23/2012 7:42 PM, Xuelei Fan wrote: Hi, Please review the update to check output filed length overflow in TLS handshaking. bug : http://bugs.sun.com/bugdatabase/viewbug.do?bugid=7200295 webrev: http://cr.openjdk.java.net/~xuelei/7200295/webrev.00/ The cause of the bug is that for 8, 16, 24 bits length-variable fields, before put the bytes into the fields, we do not check that the length of the bytes is less than the capabilities of the field. Thanks, Xuelei

More information about the security-dev mailing list