[jdk8u-dev] RFR: 8296343: CPVE thrown on missing content-length in OCSP response
Alexey Pavlyutkin
duke at openjdk.org
Wed Jun 7 10:27:15 UTC 2023
Hi!
Here is a backport of **[JDK-8296343: CPVE thrown on missing content-length in OCSP response](https://bugs.openjdk.org/browse/JDK-8296343)**. The patch from `11u` was applied with the following changes (except the path shuffling):
**`jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java`**
- reading response content from the input stream reworked because `InputStream.readAllBytes()` and `IOUtils.readExactlyNBytes()` are not available in `8`
**`jdk/test/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java`**
- unsupported `List.of()` and `Set.of()` replaced with equivalent code
- added a newline at the end of the file
Verification (amd64/20.04): newly added `test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java` **FAILS**, will be fixed by backporting [JDK-8300939](https://bugs.openjdk.org/browse/JDK-8300939)
Regression (amd64/20.04): `jdk_security`
-------------
Depends on: https://git.openjdk.org/jdk8u-dev/pull/331
Commit messages:
- removing trailing whitespaces
- cleaning up
- properly fix
- Backport 1a3cb8c5018bc016c2ad6b078e4abe13b39d151c
Changes: https://git.openjdk.org/jdk8u-dev/pull/332/files
Webrev: https://webrevs.openjdk.org/?repo=jdk8u-dev&pr=332&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8296343
Stats: 432 lines in 9 files changed: 310 ins; 32 del; 90 mod
Patch: https://git.openjdk.org/jdk8u-dev/pull/332.diff
Fetch: git fetch https://git.openjdk.org/jdk8u-dev.git pull/332/head:pull/332
PR: https://git.openjdk.org/jdk8u-dev/pull/332
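
An added illustration, not code from this patch or from OpenJDK: one way to read a response body with Java 8 APIs only, accepting a missing Content-Length while still checking a declared one. The class name, method name, size cap and sample bytes are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class OcspBodyReader {
    // Assumed upper bound on response size; not a value taken from the patch.
    static final int MAX_RESPONSE_BYTES = 64 * 1024;

    // contentLength is what URLConnection.getContentLength() reports:
    // -1 when the header is absent, e.g. for a chunked response.
    static byte[] readBody(InputStream in, int contentLength) throws IOException {
        if (contentLength > MAX_RESPONSE_BYTES) {
            throw new IOException("declared length over limit: " + contentLength);
        }
        ByteArrayOutputStream out =
                new ByteArrayOutputStream(contentLength > 0 ? contentLength : 4096);
        byte[] buf = new byte[4096];
        int total = 0;
        int n;
        // Java 8 has no InputStream.readAllBytes(): loop until end of stream.
        while ((n = in.read(buf)) != -1) {
            total += n;
            if (total > MAX_RESPONSE_BYTES) {
                throw new IOException("response body over limit");
            }
            out.write(buf, 0, n);
        }
        // A declared length must match; a missing one (-1) is not an error.
        if (contentLength >= 0 && total != contentLength) {
            throw new IOException("expected " + contentLength + " bytes, got " + total);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for a DER-encoded OCSP response body.
        byte[] sample = "constructed-ocsp-response".getBytes(StandardCharsets.US_ASCII);
        System.out.println(readBody(new ByteArrayInputStream(sample), -1).length);
        System.out.println(readBody(new ByteArrayInputStream(sample), sample.length).length);
        try {
            readBody(new ByteArrayInputStream(sample), sample.length + 10);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```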