RFR JDK-8003245
Chris Hegarty
chris.hegarty at oracle.com
Thu May 30 16:09:48 UTC 2013
[cc'ing security-dev since this change is in their area]
John,
http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/
The changes in your above webrev look fine to me. I can sponsor this for
you, unless someone from the security area wants to, or even additional
reviews.
-Chris.
On 03/27/2013 04:30 PM, John Zavgren wrote:
> Florian:
>
> Yes, the uninitialized memory will be accessed in some cases, for example:
> @@ -1733,10 +1747,12 @@
> CK_X9_42_DH1_DERIVE_PARAMS ckParam;
> jfieldID fieldID;
> jlong jKdf;
> jobject jOtherInfo, jPublicData;
>
> + memset(&ckParam, 0, sizeof(CK_X9_42_DH1_DERIVE_PARAMS));<--- added initialization
> +
> /* get kdf */
> jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS);
> if (jX942Dh1DeriveParamsClass == NULL) { return ckParam; }
> fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "kdf", "J");
> if (fieldID == NULL) { return ckParam; }
>
> ----- Original Message -----
> From: fweimer at redhat.com
> To: john.zavgren at oracle.com
> Cc: core-libs-dev at openjdk.java.net
> Sent: Wednesday, March 27, 2013 11:48:57 AM GMT -05:00 US/Canada Eastern
> Subject: Re: RFR JDK-8003245
>
> On 03/20/2013 04:27 PM, John Zavgren wrote:
>> Please consider the following changes that eliminate the use of uninitialized memory.
>
>> http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/
>
> Is the uninitialized memory accessed on the error paths?
>
More information about the security-dev
mailing list