code review request: 7099399: cannot deal with CRL file larger than 16MB
Weijun Wang
weijun.wang at oracle.com
Tue Oct 11 03:13:50 UTC 2011
0xff will be 255, -1 means no byte to read, EOF.
On Oct 10, 2011, at 7:15 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> I'm not sure why the latest byte cannot be 0xFF? What about if my
> content length is 256? For example:
>
> if (lowByte == -1) {
>     throw new IOException("Incomplete BER/DER length info");
> }
>
> Otherwise, looks fine to me.
>
> Xuelei
>
> On 10/11/2011 9:05 AM, Weijun Wang wrote:
>> Webrev at http://cr.openjdk.java.net/~weijun/7099399/webrev.00/
>>
>> Basically, we're now accepting X.509 blocks with a 4-octet length. For
>> simplicity, the highest byte must be <= 127, so that the length can be
>> expressed with a 32-bit int.
>>
>> Thanks
>> Max
>>
>>
>> -------- Original Message --------
>> *Change Request ID*: 7099399
>> *Synopsis*: cannot deal with CRL file larger than 16MB
>>
>> Product: java
>> Category: java
>> Subcategory: classes_security
>> Type: Defect
>>
>> === *Description*
>> ============================================================
>> The X.509 impl of CertificateFactory only parses X.509 blocks smaller
>> than 16MB, i.e. when the length can be encoded in 3 octets. Now we have
>> a customer whose CRL file is as big as 30MB.
>>
>
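
The length handling discussed in this thread, as an added example that is not part of the original messages or the JDK patch: a definite-form BER/DER length reader that accepts up to 4 length octets, requires the top octet of a 4-octet length to be <= 127, and treats only -1 from read() as EOF. The class and method names (DerLengthDemo, readOctet, readLength) are hypothetical and the sample bytes are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class DerLengthDemo {
    // Hypothetical helper (not the JDK's code): reads one octet, failing on EOF.
    static int readOctet(InputStream in) throws IOException {
        int b = in.read();          // 0..255 for data (0xFF is 255); -1 only at EOF
        if (b == -1) {
            throw new IOException("Incomplete BER/DER length info");
        }
        return b;
    }
    // Reads a definite-form length of up to 4 octets into a non-negative int.
    static int readLength(InputStream in) throws IOException {
        int first = readOctet(in);
        if (first < 0x80) {
            return first;           // short form: the octet is the length
        }
        int count = first & 0x7F;   // long form: number of length octets that follow
        if (count == 0 || count > 4) {
            throw new IOException("Unsupported length form: " + count + " octets");
        }
        int length = 0;
        for (int i = 0; i < count; i++) {
            int b = readOctet(in);
            if (count == 4 && i == 0 && b > 127) {
                throw new IOException("Length does not fit in a 32-bit int");
            }
            length = (length << 8) | b;
        }
        return length;
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: length octets only, no tag or content.
        byte[][] samples = {
            {(byte) 0x81, (byte) 0xFF},                    // 1 octet, value octet 0xFF
            {(byte) 0x84, 0x01, (byte) 0xE0, 0x00, 0x00},  // 4 octets, a 30MB block
            {(byte) 0x84, (byte) 0x80, 0x00, 0x00, 0x00},  // 4 octets, top octet > 127
            {(byte) 0x82, 0x01},                           // EOF inside the length
        };
        for (byte[] s : samples) {
            try {
                System.out.println(readLength(new ByteArrayInputStream(s)));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```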