[8u] RFR: 8028591: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
Martin Balao
mbalao at redhat.com
Thu May 21 20:10:30 UTC 2020
On 5/20/20 5:41 PM, Andrew Hughes wrote:
> Bug: https://bugs.openjdk.java.net/browse/JDK-8028591
> Webrev: https://cr.openjdk.java.net/~andrew/openjdk8/8028591/webrev.01/
>
> Simple range check additions that have been in OpenJDK since 9u. On the
> Oracle parity list for 8u26{1,2}.
Thanks for contributing this backport.
> Modifications for the backport are the result of security fixes that
> have been applied to 8u since the fix was made earlier in the 9u lifecycle:
>
> * The check on validBits in
> src/share/classes/sun/security/util/DerInputStream.java was already
> added by JDK-8168714: "Tighten ECDSA validation"
Yes, I verified that the patch does not need the validBits because the
current code already has it.
>
> * The len was already assigned to a variable in
> src/share/classes/sun/security/util/ObjectIdentifier.java for
> JDK-8168705: "Better ObjectIdentifier validation" which checked the
> upper bound.
>
Yes, that's correct.
> Also, the copyright header change is redundant as JDK-8175251: "Failed
> to load RSA private key from pkcs12" already bumped it to 2017.
>
Yes, that's right. Copyright's last date is 2017 in DerInputStream.java.
> Ok for 8u262?
Looks good to me.
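As an added illustration (not code from the webrev or from the JDK itself), a minimal Java decoder for DER BIT STRING content octets that shows the kind of range checks the thread refers to: an empty-content check that prevents the NegativeArraySizeException, and the padding-bit (validBits) check; the class, method and field names are assumptions.

```java
import java.util.Arrays;

/* Added illustration, not JDK code. The content octets of a DER BIT STRING
 * are one byte giving the number of unused (padding) bits in the final
 * octet, followed by the bit data. Each check below rejects a malformed
 * input that an unchecked decoder would turn into a runtime exception. */
public final class BitStringDecode {

    /** Result of decoding an unaligned bit string (hypothetical holder type). */
    public static final class BitArray {
        public final byte[] data;
        public final int validBits;
        BitArray(byte[] data, int validBits) { this.data = data; this.validBits = validBits; }
    }

    /** Decodes the content octets of a DER BIT STRING with explicit range checks. */
    public static BitArray decode(byte[] content) {
        // Check 1: the padding-count byte must be present. Without this,
        // "new byte[content.length - 1]" becomes new byte[-1], i.e. a
        // NegativeArraySizeException on an empty (zero-length) content.
        if (content.length == 0) {
            throw new IllegalArgumentException("BIT STRING content is empty");
        }
        int numOfPadBits = content[0] & 0xFF;
        // Check 2: DER allows 0..7 unused bits; a larger value makes the valid bit count negative.
        if (numOfPadBits > 7) {
            throw new IllegalArgumentException("invalid number of padding bits: " + numOfPadBits);
        }
        // Check 3: with no data octets there is nothing to pad.
        if (content.length == 1 && numOfPadBits != 0) {
            throw new IllegalArgumentException("padding bits given for an empty BIT STRING");
        }
        byte[] data = Arrays.copyOfRange(content, 1, content.length);
        int validBits = data.length * 8 - numOfPadBits;
        return new BitArray(data, validBits);
    }

    public static void main(String[] args) {
        // Constructed sample: 6 unused bits, data 6e 5d c0 -> 24 - 6 = 18 valid bits.
        BitArray ok = decode(new byte[] {0x06, 0x6e, 0x5d, (byte) 0xc0});
        System.out.println("valid bits: " + ok.validBits);
        try {
            decode(new byte[0]); // rejected by check 1 instead of crashing
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```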