-
Bug
-
Resolution: Fixed
-
P4
-
19, 21, 22
-
b02
-
generic
-
generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8329573 | 21.0.4 | Goetz Lindenmaier | P4 | Resolved | Fixed | b01 |
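A fuzzed ClientHello request causes an unchecked IllegalArgumentException (IAE) during the handshake. As the trace below shows, DER decoding of a name in the ClientHello's certificate_authorities extension fails (IOException: Invalid lenByte), X500Principal rethrows this as an IAE, and the IAE propagates out of the SSLEngine delegated task; callers that expect only SSLException from handshake processing may not handle it: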
Exception in thread "main" java.lang.IllegalArgumentException: improperly specified input name
at java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:227)
at java.base/sun.security.ssl.CertificateAuthoritiesExtension$CertificateAuthoritiesSpec.getAuthorities(CertificateAuthoritiesExtension.java:129)
at java.base/sun.security.ssl.CertificateAuthoritiesExtension$CHCertificateAuthoritiesConsumer.consume(CertificateAuthoritiesExtension.java:280)
at java.base/sun.security.ssl.SSLExtension.consumeOnLoad(SSLExtension.java:609)
at java.base/sun.security.ssl.SSLExtensions.consumeOnLoad(SSLExtensions.java:201)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1176)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
at SSLEngineServerReadFile.runDelegatedTasks(SSLEngineServerReadFile.java:123)
at SSLEngineServerReadFile.runDemo(SSLEngineServerReadFile.java:94)
at SSLEngineServerReadFile.main(SSLEngineServerReadFile.java:46)
Caused by: java.io.IOException: Invalid lenByte
at java.base/sun.security.util.DerValue.<init>(DerValue.java:405)
at java.base/sun.security.util.DerInputStream.getDerValue(DerInputStream.java:110)
at java.base/sun.security.util.DerValue.subs(DerValue.java:1283)
at java.base/sun.security.util.DerInputStream.getSequence(DerInputStream.java:204)
at java.base/sun.security.x509.X500Name.parseDER(X500Name.java:804)
at java.base/sun.security.x509.X500Name.<init>(X500Name.java:333)
at java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:225)
... 16 more
Exception in thread "main" java.lang.IllegalArgumentException: improperly specified input name
at java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:227)
at java.base/sun.security.ssl.CertificateAuthoritiesExtension$CertificateAuthoritiesSpec.getAuthorities(CertificateAuthoritiesExtension.java:129)
at java.base/sun.security.ssl.CertificateAuthoritiesExtension$CHCertificateAuthoritiesConsumer.consume(CertificateAuthoritiesExtension.java:280)
at java.base/sun.security.ssl.SSLExtension.consumeOnLoad(SSLExtension.java:609)
at java.base/sun.security.ssl.SSLExtensions.consumeOnLoad(SSLExtensions.java:201)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1176)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
at SSLEngineServerReadFile.runDelegatedTasks(SSLEngineServerReadFile.java:123)
at SSLEngineServerReadFile.runDemo(SSLEngineServerReadFile.java:94)
at SSLEngineServerReadFile.main(SSLEngineServerReadFile.java:46)
Caused by: java.io.IOException: Invalid lenByte
at java.base/sun.security.util.DerValue.<init>(DerValue.java:405)
at java.base/sun.security.util.DerInputStream.getDerValue(DerInputStream.java:110)
at java.base/sun.security.util.DerValue.subs(DerValue.java:1283)
at java.base/sun.security.util.DerInputStream.getSequence(DerInputStream.java:204)
at java.base/sun.security.x509.X500Name.parseDER(X500Name.java:804)
at java.base/sun.security.x509.X500Name.<init>(X500Name.java:333)
at java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:225)
... 16 more
Backported by: JDK-8329573 SSLEngine throws IAE during parsing of X500Principal (Resolved)