Are there situations where we might overflow the int?

For example, in CertificateRequest.messageLength()

        for (int i = 0; i < authorities.length; i++) {
            len += authorities[i].length();
        }

What if len overflows?

Also, all of these field's callers are overflow-1?

Brad




On 9/23/2012 7:42 PM, Xuelei Fan wrote:
Hi,

Please review the update to check output field length overflow in TLS
handshaking.

bug   : http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7200295
webrev: http://cr.openjdk.java.net/~xuelei/7200295/webrev.00/

The cause of the bug is that for 8, 16, 24 bits length-variable fields,
before putting the bytes into the fields, we do not check that the length of
the bytes is less than the capabilities of the field.

Thanks,
Xuelei
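
Added example, not code from the webrev or the JDK source: a sketch of the two checks discussed in this thread, a range check before writing an 8, 16 or 24 bit length prefix, and an overflow-checked sum of element lengths. The class and method names (LengthFieldCheck, putVector, totalLength) are hypothetical, and Math.addExact assumes Java 8 or later.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;

public class LengthFieldCheck {
    // Hypothetical helper: write a vector with a 1-, 2- or 3-byte length prefix.
    static void putVector(ByteArrayOutputStream out, byte[] data, int prefixBytes)
            throws IOException {
        if (prefixBytes < 1 || prefixBytes > 3) {
            throw new IllegalArgumentException("prefix must be 1..3 bytes");
        }
        int max = (1 << (8 * prefixBytes)) - 1;   // 255, 65535 or 16777215
        if (data.length > max) {
            // Without this check the high bits of the length are dropped
            // and the prefix no longer matches the body that follows it.
            throw new IOException("field length " + data.length + " exceeds " + max);
        }
        for (int shift = 8 * (prefixBytes - 1); shift >= 0; shift -= 8) {
            out.write((data.length >>> shift) & 0xff);   // big-endian prefix
        }
        out.write(data, 0, data.length);
    }

    // Sum element lengths; addExact throws ArithmeticException instead of wrapping.
    static int totalLength(int[] lengths) {
        int len = 0;
        for (int l : lengths) {
            len = Math.addExact(len, l);
        }
        return len;
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        putVector(out, new byte[255], 1);        // constructed input: fits in 8 bits
        System.out.println("wrote " + out.size() + " bytes");
        try {
            putVector(out, new byte[256], 1);    // constructed input: too long for 8 bits
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            totalLength(new int[] {Integer.MAX_VALUE, 1});   // constructed lengths
        } catch (ArithmeticException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```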
