code review request: 7099399: cannot deal with CRL file larger than 16MB

Xuelei Fan xuelei.fan at oracle.com
Tue Oct 11 03:19:15 UTC 2011


Right! Then fine to me.

Thanks,
Xuelei

On 10/11/2011 11:13 AM, Weijun Wang wrote:
> 0xff will be 255, -1 means no byte to read, EOF.
> 
> 
> On Oct 10, 2011, at 7:15 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
>> I'm not sure why the latest byte cannot be 0xFF? What about if my
>> content length is 256? For example:
>>
>> 677  if (lowByte == -1) {
>> 678      throw new IOException("Incomplete BER/DER length info");
>> 679  }
>>
>> Otherwise, looks fine to me.
>>
>> Xuelei
>>
>> On 10/11/2011 9:05 AM, Weijun Wang wrote:
>>> Webrev at http://cr.openjdk.java.net/~weijun/7099399/webrev.00/
>>>
>>> Basically, we're now accepting X.509 block of 4-octets length. For
>>> simplicity, the highest byte must be <= 127, so that the length can be
>>> expressed with a 32-bit int.
>>>
>>> Thanks
>>> Max
>>>
>>>
>>> -------- Original Message --------
>>> *Change Request ID*: 7099399
>>> *Synopsis*: cannot deal with CRL file larger than 16MB
>>>
>>>  Product: java
>>>  Category: java
>>>  Subcategory: classes_security
>>>  Type: Defect
>>>
>>> === *Description*
>>> ============================================================
>>> The X.509 impl of CertificateFactory only parses X.509 blocks smaller
>>> than 16MB, i.e. when the length can be encoded in 3 octets. Now we have
>>> a customer whose CRL file is as big as 30MB.
>>>
>>




More information about the security-dev mailing list