RFR: 8282038: CipherSpi.bufferCrypt leaves plaintext copy on the heap
Weijun Wang
weijun at openjdk.org
Tue Jun 21 22:10:02 UTC 2022
On Wed, 15 Jun 2022 22:27:27 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Seems so. BTW, I was using a test-driven programming model and have not observed a leak here. I'll see if I can trigger one.
>
> Sounds good. Rest of changes look fine.
I cannot reproduce this leak, but I found more by mixing the calls on byte array and `ByteBuffer`, and data length of whole block and half block. I'll study more and maybe some sort of fuzzy testing is needed.
-------------
PR: https://git.openjdk.org/jdk/pull/9158
More information about the security-dev
mailing list