tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 61948] BufferUnderflowException and IllegalArgumentException in TLSClientHelloExtractor
Date Mon, 01 Jan 2018 03:59:33 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61948

--- Comment #1 from Evgenij Ryazanov <katzyn@gmail.com> ---
The following simple code causes BufferUnderflowException in
TLSClientHelloExtractor.isClientHello() and IllegalArgumentException in
TLSClientHelloExtractor.skipBytes().

import java.io.OutputStream;
import java.net.Socket;
import javax.net.SocketFactory;

byte[][] data = {
{ /* TLS handshake */ 22, /* TLS 1.0 */ 3, 1, /* Length 0 */ 0, 0 },
{ /* TLS handshake */ 22, /* TLS 1.0 */ 3, 1, /* Length 4 */ 0, 4, /* Type 1 */
1, /* Size 0 */ 0, 0, 0 },
};

for (byte[] a : data)
  try (Socket s = SocketFactory.getDefault().createSocket("hostname", 443);
       OutputStream out = s.getOutputStream()) {
    out.write(a);
  }

There are many ways to get exceptions with larger ill-formed packets.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message