On Fri, 9 Apr 2021 04:55:14 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> To improve the readability, it would be nice to check the TLS extensions > total length while parsing. > > No new regression test, trial update. src/java.base/share/classes/sun/security/ssl/SSLExtensions.java line 68: > 66: Alert.ILLEGAL_PARAMETER, > 67: "Insufficient extensions data"); > 68: } For both of these blocks the checks themselves look OK, but illegal_parameter I thought was more for cases where a field value is out of range or inconsistent with already negotiated parameters. I would think that decode_error would be more appropriate to cases like this where the encoding is structurally incorrect and the length doesn't match the actual data size. ------------- PR: https://git.openjdk.java.net/jdk/pull/3405