--- a/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java Thu Oct 17 20:27:44 2019 +0100
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java Thu Oct 17 20:53:35 2019 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -302,8 +302,15 @@
}
handshakeFrag.mark();
- // skip the first byte: handshake type
+
+ // Fail fast for unknown handshake message.
byte handshakeType = handshakeFrag.get();
+ if (!SSLHandshake.isKnown(handshakeType)) {
+ throw new SSLProtocolException(
+ "Unknown handshake type size, Handshake.msg_type = " +
+ (handshakeType & 0xFF));
+ }
+
int handshakeBodyLen = Record.getInt24(handshakeFrag);
handshakeFrag.reset();
int handshakeMessageLen =
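Review bot: The message built for the new `SSLProtocolException` says "Unknown handshake type size", but the guard tests only the type byte, so anyone triaging handshake failures from logs is pointed at a length problem that was never checked. I would change the string to `"Unknown handshake type, Handshake.msg_type = " +`. Putting the check before `Record.getInt24(handshakeFrag)` is the right order, because an unrecognised message is rejected before its peer-supplied length is trusted. That 24-bit length is still peer-controlled for known types, and no upper bound on `handshakeBodyLen` is visible in this hunk. The method continues outside the hunk, so it is worth confirming a bound is applied there before the length is used to size `handshakeBuffer`.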
@@ -313,7 +320,9 @@
handshakeBuffer.put(handshakeFrag);
handshakeBuffer.rewind();
break;
- } if (remaining == handshakeMessageLen) {
+ }
+
+ if (remaining == handshakeMessageLen) {
if (handshakeHash.isHashable(handshakeType)) {
handshakeHash.receive(handshakeFrag);
}