RFR 8172244: AIOOBE in KeyStore.getCertificateAlias on Windows
Vincent Ryan
vincent.x.ryan at oracle.com
Tue May 23 11:22:02 UTC 2017
Your fix looks fine to me.
Thanks.
> On 22 May 2017, at 20:57, Adam Petcher <adam.petcher at oracle.com> wrote:
>
> This is a bug fix related to keys without certificates in the Windows key store. When a key doesn't have a certificate, the native code will set the list of certificates to an empty list. Some of the Java code for the MSCAPI provider doesn't handle this case correctly and throws an AIOOBE. The regression test reproduces the same circumstances in the Java code by bypassing some checks in the KeyStore interface, allowing us to test this without upsetting the test environment.
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8172244
> Webrev: http://cr.openjdk.java.net/~apetcher/8172244/webrev.00/
>
More information about the security-dev
mailing list