8219389: Delegated task created by SSLEngine throws BufferUnderflowException

Reviewed-by: ascarpino
2025-08-27 14:54:52 +02:00 · 2019-02-20 10:20:48 -08:00 · 2019-02-20 10:20:48 -08:00 · 1d7db01371
commit 1d7db01371
parent ea42bbcd24
4 changed files with 22 additions and 11 deletions
--- a/src/java.base/share/classes/sun/security/ssl/ClientHello.java
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHello.java
@ -803,13 +803,8 @@ final class ClientHello {
                    shc.sslConfig.getEnabledExtensions(
                            SSLHandshake.CLIENT_HELLO);

-            ClientHelloMessage chm;
-            try {
-                chm = new ClientHelloMessage(shc, message, enabledExtensions);
-            } catch (Exception e) {
-                throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
-                        "ClientHelloMessage failure", e);
-            }
+            ClientHelloMessage chm =
+                    new ClientHelloMessage(shc, message, enabledExtensions);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ClientHello handshake message", chm);
            }
--- a/src/java.base/share/classes/sun/security/ssl/HandshakeContext.java
+++ b/src/java.base/share/classes/sun/security/ssl/HandshakeContext.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
 package sun.security.ssl;

 import java.io.IOException;
+import java.nio.BufferOverflowException;
+import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
 import java.security.AlgorithmConstraints;
 import java.security.CryptoPrimitive;
@ -443,6 +445,10 @@ abstract class HandshakeContext implements ConnectionContext {
            throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                    "Unsupported handshake message: " +
                    SSLHandshake.nameOf(handshakeType), unsoe);
+        } catch (BufferUnderflowException | BufferOverflowException be) {
+            throw conContext.fatal(Alert.DECODE_ERROR,
+                    "Illegal handshake message: " +
+                    SSLHandshake.nameOf(handshakeType), be);
        }

        // update handshake hash after handshake message consumption.
--- a/src/java.base/share/classes/sun/security/ssl/PostHandshakeContext.java
+++ b/src/java.base/share/classes/sun/security/ssl/PostHandshakeContext.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
 package sun.security.ssl;

 import java.io.IOException;
+import java.nio.BufferOverflowException;
+import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
@ -74,6 +76,10 @@ final class PostHandshakeContext extends HandshakeContext {
            throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                    "Unsupported post-handshake message: " +
                            SSLHandshake.nameOf(handshakeType), unsoe);
+        } catch (BufferUnderflowException | BufferOverflowException be) {
+            throw conContext.fatal(Alert.DECODE_ERROR,
+                    "Illegal handshake message: " +
+                    SSLHandshake.nameOf(handshakeType), be);
        }
    }
 }