8221253: TLSv1.3 may generate TLSInnerPlainText longer than 2^14+1 bytes

Reviewed-by: jnimeh
2025-08-28 15:24:43 +02:00 · 2019-05-10 12:33:40 -07:00 · 2019-05-10 12:33:40 -07:00 · 7aec6727ac
commit 7aec6727ac
parent 032fff8042
5 changed files with 138 additions and 25 deletions
--- a/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java
+++ b/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java
@ -244,9 +244,8 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
            fragLen = Record.maxDataSize;
        }

-        if (fragmentSize > 0) {
-            fragLen = Math.min(fragLen, fragmentSize);
-        }
+        // Calculate more impact, for example TLS 1.3 padding.
+        fragLen = calculateFragmentSize(fragLen);

        int dstPos = destination.position();
        int dstLim = destination.limit();
@ -464,9 +463,8 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
                fragLen = Record.maxDataSize;
            }

-            if (fragmentSize > 0) {
-                fragLen = Math.min(fragLen, fragmentSize);
-            }
+            // Calculate more impact, for example TLS 1.3 padding.
+            fragLen = calculateFragmentSize(fragLen);

            int dstPos = dstBuf.position();
            int dstLim = dstBuf.limit();
--- a/src/java.base/share/classes/sun/security/ssl/OutputRecord.java
+++ b/src/java.base/share/classes/sun/security/ssl/OutputRecord.java
@ -64,7 +64,7 @@ abstract class OutputRecord
    int                         packetSize;

    // fragment size
-    int                         fragmentSize;
+    private int                 fragmentSize;

    // closed or not?
    volatile boolean            isClosed;
@ -293,6 +293,24 @@ abstract class OutputRecord
    // shared helpers
    //

+    private static final class T13PaddingHolder {
+        private static final byte[] zeros = new byte[16];
+    }
+
+    int calculateFragmentSize(int fragmentLimit) {
+        if (fragmentSize > 0) {
+            fragmentLimit = Math.min(fragmentLimit, fragmentSize);
+        }
+
+        if (protocolVersion.useTLS13PlusSpec()) {
+            // No negative integer checking as the fragment capacity should
+            // have been ensured.
+            return fragmentLimit -  T13PaddingHolder.zeros.length - 1;
+        }
+
+        return fragmentLimit;
+    }
+
    // Encrypt a fragment and wrap up a record.
    //
    // To be consistent with the spec of SSLEngine.wrap() methods, the
@ -374,8 +392,12 @@ abstract class OutputRecord
        if (!encCipher.isNullCipher()) {
            // inner plaintext, using zero length padding.
            int endOfPt = destination.limit();
-            destination.limit(endOfPt + 1);
-            destination.put(endOfPt, contentType);
+            int startOfPt = destination.position();
+            destination.position(endOfPt);
+            destination.limit(endOfPt + 1 + T13PaddingHolder.zeros.length);
+            destination.put(contentType);
+            destination.put(T13PaddingHolder.zeros);
+            destination.position(startOfPt);
        }

        // use the right TLSCiphertext.opaque_type and legacy_record_version
@ -443,10 +465,6 @@ abstract class OutputRecord
        }
    }

-    private static final class T13PaddingHolder {
-        private static final byte[] zeros = new byte[16];
-    }
-
    private long t13Encrypt(
            SSLWriteCipher encCipher, byte contentType, int headerSize) {
        if (!encCipher.isNullCipher()) {
--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java
@ -237,9 +237,8 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
                    fragLen = Record.maxDataSize;
                }

-                if (fragmentSize > 0) {
-                    fragLen = Math.min(fragLen, fragmentSize);
-                }
+                // Calculate more impact, for example TLS 1.3 padding.
+                fragLen = calculateFragmentSize(fragLen);
            }

            int dstPos = destination.position();
@ -444,9 +443,8 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
                fragLen = Record.maxDataSize;
            }

-            if (fragmentSize > 0) {
-                fragLen = Math.min(fragLen, fragmentSize);
-            }
+            // Calculate more impact, for example TLS 1.3 padding.
+            fragLen = calculateFragmentSize(fragLen);

            int dstPos = dstBuf.position();
            int dstLim = dstBuf.limit();
--- a/src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java
@ -312,9 +312,8 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
                    fragLen = Record.maxDataSize;
                }

-                if (fragmentSize > 0) {
-                    fragLen = Math.min(fragLen, fragmentSize);
-                }
+                // Calculate more impact, for example TLS 1.3 padding.
+                fragLen = calculateFragmentSize(fragLen);

                if (isFirstRecordOfThePayload && needToSplitPayload()) {
                    fragLen = 1;
@ -413,9 +412,8 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
            fragLimit = Record.maxDataSize;
        }

-        if (fragmentSize > 0) {
-            fragLimit = Math.min(fragLimit, fragmentSize);
-        }
+        // Calculate more impact, for example TLS 1.3 padding.
+        fragLimit = calculateFragmentSize(fragLimit);

        return fragLimit;
    }