RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length

Bernd Eckenfels ecki at zusammenkunft.net
Wed Jul 12 22:27:12 UTC 2017


BTW: Can in.available() be < length as well? In that case the exception before your changed line would be misleading.

Gruss
Bernd

--
http://bernd.eckenfels.net
________________________________
From: security-dev <security-dev-bounces at openjdk.java.net> on behalf of Adam Petcher <adam.petcher at oracle.com>
Sent: Wednesday, July 12, 2017 8:38:25 PM
To: security-dev at openjdk.java.net
Subject: RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length

This is a bug fix for a corner case in which a DER value has length
equal to Integer.MAX_VALUE. The code uses IOUtils.readFully() to read
the value, which interprets length=Integer.MAX_VALUE to mean "read to
the end." The result is that no exception will be thrown when fewer than
Integer.MAX_VALUE bytes are read from the stream. The fix adds a check
after the readFully() to ensure that the expected number of bytes were
read.

Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.00/
JBS: https://bugs.openjdk.java.net/browse/JDK-8183591
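The corner case and the fix described in the RFR, as an added Java example that is not the JDK's own code: readFully() here is a simplified stand-in that models the behaviour the mail describes (an explicit Integer.MAX_VALUE is treated as "read to the end"), and readValueChecked() shows the post-read length check; the class and method names are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

public class DerLengthCheck {
    // Simplified model (not the JDK source) of a readFully() whose "read to end"
    // mode is requested with length == -1 and mapped to Integer.MAX_VALUE, so an
    // explicit Integer.MAX_VALUE is indistinguishable and a short read returns quietly.
    static byte[] readFully(InputStream in, int length, boolean readAll) throws IOException {
        if (length == -1) length = Integer.MAX_VALUE;
        byte[] out = new byte[0];
        int pos = 0;
        while (pos < length) {
            int chunk = Math.min(length - pos, 1024);
            if (out.length < pos + chunk) out = Arrays.copyOf(out, pos + chunk);
            int n = in.read(out, pos, chunk);
            if (n < 0) {
                if (readAll && length != Integer.MAX_VALUE) throw new EOFException("premature EOF");
                return Arrays.copyOf(out, pos); // silently truncated
            }
            pos += n;
        }
        return out;
    }
    // Before the fix: trusts readFully() to have delivered 'length' bytes.
    static byte[] readValueUnchecked(InputStream in, int length) throws IOException {
        return readFully(in, length, true);
    }
    // After the fix, as the RFR describes it: compare the byte count to the DER
    // length and reject a short read regardless of readFully()'s mode.
    static byte[] readValueChecked(InputStream in, int length) throws IOException {
        byte[] value = readFully(in, length, true);
        if (value.length != length) {
            throw new IOException("short read: expected " + length + " bytes, got " + value.length);
        }
        return value;
    }
    public static void main(String[] args) throws IOException {
        byte[] sample = {0x01, 0x02, 0x03}; // constructed stream, far shorter than the claimed length
        byte[] v = readValueUnchecked(new ByteArrayInputStream(sample), Integer.MAX_VALUE);
        System.out.println("unchecked: " + v.length + " bytes returned, no exception");
        try {
            readValueChecked(new ByteArrayInputStream(sample), Integer.MAX_VALUE);
        } catch (IOException e) {
            System.out.println("checked: " + e.getMessage());
        }
    }
}
```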
