RFR: 8282038: CipherSpi.bufferCrypt leaves plaintext copy on the heap
Weijun Wang
weijun at openjdk.org
Fri Jul 8 18:43:43 UTC 2022
On Tue, 21 Jun 2022 22:06:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Sounds good. Rest of changes look fine.
>
> I cannot reproduce this leak, but I found more by mixing the calls on byte array and `ByteBuffer`, and data length of whole block and half block. I'll study more and maybe some sort of fuzzy testing is needed.
Oh, this is taking longer than I expected.
-------------
PR: https://git.openjdk.org/jdk/pull/9158
More information about the security-dev
mailing list