--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Thu Dec 06 18:46:08 2018 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Thu Dec 06 22:05:31 2018 -0800
@@ -176,7 +176,11 @@
/*
* Record a new session, using a given cipher spec, session ID,
- * and creation time
+ * and creation time.
+ * Note: For the unmodifiable collections and lists we are creating new
+ * collections as inputs to avoid potential deep nesting of
+ * unmodifiable collections that can cause StackOverflowErrors
+ * (see JDK-6323374).
*/
SSLSessionImpl(HandshakeContext hc,
CipherSuite cipherSuite, SessionId id, long creationTime) {
@@ -187,10 +191,11 @@
this.port = hc.conContext.transport.getPeerPort();
this.localSupportedSignAlgs = hc.localSupportedSignAlgs == null ?
Collections.emptySet() :
- Collections.unmodifiableCollection(hc.localSupportedSignAlgs);
+ Collections.unmodifiableCollection(
+ new ArrayList<>(hc.localSupportedSignAlgs));
this.serverNameIndication = hc.negotiatedServerName;
- this.requestedServerNames = Collections.<SNIServerName>unmodifiableList(
- hc.getRequestedServerNames());
+ this.requestedServerNames = Collections.unmodifiableList(
+ new ArrayList<>(hc.getRequestedServerNames()));
if (hc.sslConfig.isClientMode) {
this.useExtendedMasterSecret =
(hc.handshakeExtensions.get(
@@ -219,10 +224,8 @@
this.host = baseSession.getPeerHost();
this.port = baseSession.getPeerPort();
this.localSupportedSignAlgs =
- baseSession.localSupportedSignAlgs == null ?
- Collections.emptySet() :
- Collections.unmodifiableCollection(
- baseSession.localSupportedSignAlgs);
+ baseSession.localSupportedSignAlgs == null ?
+ Collections.emptySet() : baseSession.localSupportedSignAlgs;
this.peerSupportedSignAlgs =
baseSession.getPeerSupportedSignatureAlgorithms();
this.serverNameIndication = baseSession.serverNameIndication;