RFR: 8028780: JDK KRB5 module throws OutOfMemoryError when CCache is corrupt
Xuelei Fan
Xuelei.Fan at Oracle.COM
Mon Dec 30 02:43:07 UTC 2013
Looks fine to me except a minor comment.
GSSNameImpl.java
----------------
260 if (pos + mechPortionLen > bytes.length) {
In case of integer overflow, prefer to use:
if (pos > bytes.length - mechPortionLen) {
Xuelei
On 12/30/2013 8:57 AM, Weijun Wang wrote:
> Hi All
>
> Please take a look at
>
> http://cr.openjdk.java.net/~weijun/8028780/webrev.00/
>
> New codes are added to check for the validity of input raw data so that
> a proper exception (say, GSSException, IOException) is thrown instead of
> unchecked ones like IllegalArgumentException, IndexOutOfBoundException,
> OutOfMemoryError, etc.
>
> Thanks
> Max
More information about the security-dev
mailing list