RFR: 8323562: SaslInputStream.read() may return wrong value

Alan Bateman alanb at openjdk.org
Fri Jan 12 11:56:18 UTC 2024


On Fri, 12 Jan 2024 11:43:23 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:

> No need, that one is an easy target for static analyzers. This bug was found by one :)

I think this one will require digging into whether the no-arg read is used in the authentication or not. It might not be, in which case it's not testable with something that emulates LDAPv3. However, if it is used then we should have fuzzing or other tests to exercise it. I'm not saying it should be part of this PR but finding a 15+ year issue in authentication code is concerning so will need follow-up.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17365#issuecomment-1888973627

