RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length

Adam Petcher adam.petcher at oracle.com
Wed Jul 12 18:38:25 UTC 2017

This is a bug fix for a corner case in which a DER value has length 
equal to Integer.MAX_VALUE. The code uses IOUtils.readFully() to read 
the value, which interprets length=Integer.MAX_VALUE to mean "read to 
the end." The result is that no exception will be thrown when fewer then 
Integer.MAX_VALUE bytes are read from the stream. The fix adds a check 
after the readFully() to ensure that the expected number of bytes were 

Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.00/
JBS: https://bugs.openjdk.java.net/browse/JDK-8183591

More information about the security-dev mailing list