RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length

Sean Mullan sean.mullan at oracle.com
Thu Jul 20 19:32:16 UTC 2017

Looks good to me.


On 7/20/17 9:49 AM, Adam Petcher wrote:
> Oops. Better to throw an IOException when a negative length is given to 
> readFully.
> Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.02/
> On 7/18/2017 1:55 PM, Adam Petcher wrote:
>> Some additional investigation revealed that IOUtils.readFully() is 
>> only used by DER, JKS, and Kerberos. None of these need the "read to 
>> the end of the buffer" feature. This behavior of readFully() is 
>> confusing, so it is probably best to remove it.
>> Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.01/
>> On 7/12/2017 2:38 PM, Adam Petcher wrote:
>>> This is a bug fix for a corner case in which a DER value has length 
>>> equal to Integer.MAX_VALUE. The code uses IOUtils.readFully() to read 
>>> the value, which interprets length=Integer.MAX_VALUE to mean "read to 
>>> the end." The result is that no exception will be thrown when fewer 
>>> then Integer.MAX_VALUE bytes are read from the stream. The fix adds a 
>>> check after the readFully() to ensure that the expected number of 
>>> bytes were read.
>>> Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.00/
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8183591

More information about the security-dev mailing list