RFR: 8207775: Better management of CipherCore buffers

Anthony Scarpino anthony.scarpino at oracle.com
Fri Jul 27 20:02:43 UTC 2018


If we are going to add more, here are two more ton consider:

- It looks like there is another Arrays.copyOf() on doFinal() line 851
- doFinal() at line 897 there might be something that should be done 
with 'buffer'.  In particular as a result of line 963's arraycopy().

Tony


On 07/27/2018 08:29 AM, Seán Coffey wrote:
> Thanks Tony. If it's alright with you, I'd like to make one more edit 
> for this change.
> 
> http://cr.openjdk.java.net/~coffeys/webrev.8207775.v2/webrev/
> 
> There's a condition where we can null out an array early if we're 
> returning a copy. See lines 671-683
> 
> Regards,
> Sean.
> 
> On 26/07/18 17:42, Anthony Scarpino wrote:
>> On 07/26/2018 07:36 AM, Seán Coffey wrote:
>>> https://bugs.openjdk.java.net/browse/JDK-8207775
>>>
>>> Simple enough fix to null out some internal buffers once they're no 
>>> longer required.
>>>
>>> webrev : http://cr.openjdk.java.net/~coffeys/webrev.8207775/webrev/
>>>
>>> regards,
>>> Sean.
>>>
>>
>> that looks fine..
>>
>> Tony
> 



More information about the security-dev mailing list