RFR: 8308010: X509Key and PKCS8Key allows garbage bytes at the end [v2]

Weijun Wang weijun at openjdk.org
Thu May 18 14:48:58 UTC 2023


> When parsing a byte array to a private or public key, it's now converted to a `ByteArrayInputStream` and the parser does not report an error if there are extra bytes at the end.

Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

  add reasons

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/13958/files
  - new: https://git.openjdk.org/jdk/pull/13958/files/199c84a0..65357365

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=13958&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=13958&range=00-01

  Stats: 12 lines in 2 files changed: 0 ins; 6 del; 6 mod
  Patch: https://git.openjdk.org/jdk/pull/13958.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/13958/head:pull/13958

PR: https://git.openjdk.org/jdk/pull/13958



More information about the security-dev mailing list