Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8295068

SSLEngine throws NPE parsing CertificateRequests

XMLWordPrintable

    • b06
    • generic
    • generic

        A fuzzed server hello message causes an NPE during handshake:

        Exception in thread "main" java.lang.NullPointerException: Cannot read field "isAvailable" because "cct" is null
        at java.base/sun.security.ssl.CertificateRequest$ClientCertificateType.getKeyTypes(CertificateRequest.java:138)
        at java.base/sun.security.ssl.CertificateRequest$T12CertificateRequestMessage.getKeyTypes(CertificateRequest.java:518)
        at java.base/sun.security.ssl.CertificateRequest$T12CertificateRequestConsumer.choosePossession(CertificateRequest.java:756)
        at java.base/sun.security.ssl.CertificateRequest$T12CertificateRequestConsumer.consume(CertificateRequest.java:733)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
        at SSLEngineClientReadFile.runDelegatedTasks(SSLEngineClientReadFile.java:121)
        at SSLEngineClientReadFile.runDemo(SSLEngineClientReadFile.java:94)
        at SSLEngineClientReadFile.main(SSLEngineClientReadFile.java:45)

              kdriver Kevin Driver
              mschoene Marc Schönefeld
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: