RFR: 8267086: Fix ArrayIndexOutOfBoundsException in DerIndefLenConverter
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Mon Jul 12 17:56:02 UTC 2021
On Mon, 17 May 2021 12:46:31 GMT, Fabian Meumertzheim <github.com+4312191+fmeum at openjdk.org> wrote:
>> `sun.security.util.DerIndefLenConverter#convertBytes` does not perform sufficient checks after calling `#parseValue`, which can overflow `dataPos` or make it exceed `dataSize`. This can lead to an `ArrayIndexOutOfBoundsException`.
>>
>> The fix is to ensure `dataPos` is in the valid range `[0,dataSize]` after the call to `parseValue`.
>
> The referenced bug is https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8267086, but for some reason the reference is shown as not valid.
@fmeum Did you want to re-open this PR request? I will have a look at the PR.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4058
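
The range check described in the quoted PR text, as an added illustration that is not part of this thread and is not the JDK's `DerIndefLenConverter` code. The class `TlvBoundsDemo`, its methods, and the sample bytes are hypothetical and constructed for this example; it handles definite-form lengths only.

```java
import java.io.IOException;

// Added illustration; not JDK code. All names here are hypothetical.
public class TlvBoundsDemo {

    // Reads a definite-form DER length at data[pos] and returns the index
    // just past the value. Nothing stops the result from wrapping negative
    // (int overflow) or landing beyond the end of the buffer.
    static int skipValueUnchecked(byte[] data, int pos) {
        int first = data[pos++] & 0xff;
        int len = first;
        if ((first & 0x80) != 0) {          // long form: low 7 bits = number of length octets
            int n = first & 0x7f;
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (data[pos++] & 0xff);
            }
        }
        return pos + len;
    }

    // Same walk, followed by the check the fix describes: the new position
    // must lie in [0, dataSize] before it is used as an array index.
    static int skipValueChecked(byte[] data, int pos) throws IOException {
        int next = skipValueUnchecked(data, pos);
        if (next < 0 || next > data.length) {
            throw new IOException("DER value extends past end of input");
        }
        return next;
    }

    public static void main(String[] args) {
        byte[][] samples = {                // constructed inputs
            {0x04, 0x02, 0x41, 0x42},       // well-formed OCTET STRING
            {0x04, 0x05, 0x41},             // claims 5 content bytes, has 1
            {0x04, (byte) 0x84, 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff} // length 0x7fffffff
        };
        for (byte[] s : samples) {
            int raw = skipValueUnchecked(s, 1);
            try {
                System.out.println("unchecked=" + raw + " checked=" + skipValueChecked(s, 1));
            } catch (IOException e) {
                System.out.println("unchecked=" + raw + " rejected: " + e.getMessage());
            }
        }
    }
}
```

The second sample yields a position past the end of the array and the third wraps to a negative value; both are rejected with an `IOException` instead of surfacing later as an `ArrayIndexOutOfBoundsException`.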