RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length
Adam Petcher
adam.petcher at oracle.com
Thu Jul 20 13:49:28 UTC 2017
Oops. Better to throw an IOException when a negative length is given to
readFully.
Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.02/
On 7/18/2017 1:55 PM, Adam Petcher wrote:
> Some additional investigation revealed that IOUtils.readFully() is
> only used by DER, JKS, and Kerberos. None of these need the "read to
> the end of the buffer" feature. This behavior of readFully() is
> confusing, so it is probably best to remove it.
>
> Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.01/
>
>
> On 7/12/2017 2:38 PM, Adam Petcher wrote:
>> This is a bug fix for a corner case in which a DER value has length
>> equal to Integer.MAX_VALUE. The code uses IOUtils.readFully() to read
>> the value, which interprets length=Integer.MAX_VALUE to mean "read to
>> the end." The result is that no exception will be thrown when fewer
>> than Integer.MAX_VALUE bytes are read from the stream. The fix adds a
>> check after the readFully() to ensure that the expected number of
>> bytes were read.
>>
>> Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.00/
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8183591
>>
>
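
Added example, not part of the thread and not the JDK's IOUtils code: a strict read helper with the behavior the messages above converge on, where no length value means "read to the end", a short read fails, and a negative length throws an IOException. The class StrictRead, the method readExactly, and the sample bytes are hypothetical names and constructed input.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

// Hypothetical helper for illustration; not sun.security.util.IOUtils.
public class StrictRead {
    // Reads exactly `length` bytes or throws. Integer.MAX_VALUE gets no
    // special "read to the end" meaning.
    static byte[] readExactly(InputStream in, int length) throws IOException {
        if (length < 0) {
            throw new IOException("negative length: " + length);
        }
        // Grow the buffer as data arrives, so a claimed length of
        // Integer.MAX_VALUE does not allocate 2 GiB up front.
        ByteArrayOutputStream out = new ByteArrayOutputStream(Math.min(length, 8192));
        byte[] chunk = new byte[8192];
        int remaining = length;
        while (remaining > 0) {
            int n = in.read(chunk, 0, Math.min(chunk.length, remaining));
            if (n < 0) {
                throw new EOFException("expected " + length
                        + " bytes, stream ended after " + (length - remaining));
            }
            out.write(chunk, 0, n);
            remaining -= n;
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] data = {0x01, 0x02, 0x03}; // constructed sample input
        // The claimed length matches the data: the read succeeds.
        System.out.println(readExactly(new ByteArrayInputStream(data), 3).length);
        // Lengths the stream cannot satisfy, and a negative length.
        for (int claimed : new int[] {Integer.MAX_VALUE, 4, -1}) {
            try {
                readExactly(new ByteArrayInputStream(data), claimed);
                System.out.println(claimed + ": accepted");
            } catch (IOException e) {
                System.out.println(claimed + ": rejected, " + e.getMessage());
            }
        }
    }
}
```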