RFR 8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
Weijun Wang
weijun.wang at oracle.com
Tue Mar 5 03:06:03 UTC 2019
Please take a review at
https://cr.openjdk.java.net/~weijun/8157404/webrev.00/
When Java finds out data is not enough while resolving a BER, it reads in more data and tries converting again. Please note that calling available() again after readNBytes is not reliable because it might return zero even if there are more bytes.
A more efficient fix could be rewriting the convert logic to use the stream directly (parsing while reading), and thus avoid the need to call the whole convertBytes method again, but that's a big change and there is a risk of getting something wrong somewhere. This fix is likely to be backported to older LTS releases.
Note this could block, but it should only happen when data is not enough, and it only reads one byte.
The test included in the bug report passed, but I'll see if I can write a new test not depending on any existing binary data.
And I'm running a mach5 test job now.
Thanks,
Max
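An added example of the retry strategy the mail describes (this is illustrative code written for this page, not the JDK's DerIndefLenConverter and not the patch in the webrev). It pairs a toy converter for a single indefinite-length BER SEQUENCE, which returns null when the buffer ends before the end-of-contents octets, with a reader that pulls data off a SequenceInputStream. SequenceInputStream.available() only reports the current underlying stream, so after the first chunk is drained it returns zero even though the next chunk still holds the rest of the value; the reader therefore never treats available() as a stop condition and instead reads one more byte (the only call that can block) before asking available() again. The class and method names, and the three-chunk sample input, are my own constructions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.util.Arrays;

public class IndefLenBerReader {

    // Converts one indefinite-length BER SEQUENCE (30 80 ... 00 00) whose
    // children are definite-length into DER. Returns null when the buffer ends
    // before the end-of-contents octets, i.e. more data is needed. Toy code for
    // this example; nested indefinite lengths are deliberately not handled.
    static byte[] convertBytes(byte[] indef) {
        if (indef.length < 2 || indef[1] != (byte) 0x80) {
            throw new IllegalArgumentException("not an indefinite-length value");
        }
        int pos = 2;
        while (true) {
            if (pos + 2 > indef.length) {
                return null;                       // need more data
            }
            if (indef[pos] == 0 && indef[pos + 1] == 0) {
                break;                             // end-of-contents found
            }
            int lenByte = indef[pos + 1] & 0xff;   // child: tag, length, value
            int len, hdr;
            if (lenByte < 0x80) {
                len = lenByte;
                hdr = 2;
            } else {
                int n = lenByte & 0x7f;            // long form with n length octets
                if (n == 0 || n > 3) {
                    throw new IllegalArgumentException("unsupported child length");
                }
                if (pos + 2 + n > indef.length) {
                    return null;                   // need more data
                }
                len = 0;
                for (int i = 0; i < n; i++) {
                    len = (len << 8) | (indef[pos + 2 + i] & 0xff);
                }
                hdr = 2 + n;
            }
            pos += hdr + len;   // skip the child; a short buffer is caught at the top
        }
        byte[] content = Arrays.copyOfRange(indef, 2, pos);
        byte[] lenEnc = encodeLength(content.length);
        byte[] der = new byte[1 + lenEnc.length + content.length];
        der[0] = indef[0];
        System.arraycopy(lenEnc, 0, der, 1, lenEnc.length);
        System.arraycopy(content, 0, der, 1 + lenEnc.length, content.length);
        return der;
    }

    static byte[] encodeLength(int len) {
        if (len < 0x80) return new byte[] {(byte) len};
        if (len < 0x100) return new byte[] {(byte) 0x81, (byte) len};
        if (len < 0x10000) return new byte[] {(byte) 0x82, (byte) (len >> 8), (byte) len};
        return new byte[] {(byte) 0x83, (byte) (len >> 16), (byte) (len >> 8), (byte) len};
    }

    // Read what available() hints at, try to convert; if the data is not enough,
    // read ONE more byte (this may block), then ask available() again and retry.
    static byte[] readIndefValue(InputStream in) throws IOException {
        int tag = in.read();
        int lenByte = in.read();
        if (tag == -1 || lenByte == -1) throw new IOException("truncated header");
        if (lenByte != 0x80) throw new IOException("not an indefinite-length value");
        byte[] buf = {(byte) tag, (byte) lenByte};
        while (true) {
            int off = buf.length;
            int want = in.available();             // may be 0 with bytes still to come
            buf = Arrays.copyOf(buf, off + want);
            int got = in.readNBytes(buf, off, want);
            if (got < want) {
                buf = Arrays.copyOf(buf, off + got);   // stream shorter than hinted
            }
            byte[] der = convertBytes(buf);
            if (der != null) {
                return der;
            }
            int next = in.read();                  // blocks only when data is short
            if (next == -1) {
                throw new IOException("not all indefinite-length BER resolved");
            }
            buf = Arrays.copyOf(buf, buf.length + 1);
            buf[buf.length - 1] = (byte) next;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: SEQUENCE { INTEGER 42, OCTET STRING "abc" } in
        // indefinite-length BER, split into three chunks. After the 2-byte header
        // chunk is drained, available() reports 0 on the first pass; the second
        // split lands mid-child, so a second retry is needed as well.
        byte[] ber = {0x30, (byte) 0x80, 0x02, 0x01, 0x2A,
                      0x04, 0x03, 0x61, 0x62, 0x63, 0x00, 0x00};
        InputStream in = new SequenceInputStream(
                new ByteArrayInputStream(Arrays.copyOfRange(ber, 0, 2)),
                new SequenceInputStream(
                        new ByteArrayInputStream(Arrays.copyOfRange(ber, 2, 6)),
                        new ByteArrayInputStream(Arrays.copyOfRange(ber, 6, ber.length))));
        byte[] der = readIndefValue(in);
        StringBuilder sb = new StringBuilder();
        for (byte b : der) sb.append(String.format("%02X ", b));
        System.out.println(sb.toString().trim());
    }
}
```

Running the class prints the definite-length encoding of the same SEQUENCE. The point to watch is the loop in readIndefValue: the conversion result, not available(), decides when reading stops, and the single blocking read() is reached only after a conversion attempt has failed for lack of data.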