RFR: 8336665: CCE in X509CRLImpl$TBSCertList.getCertIssuer [v6]
Mark Powers
mpowers at openjdk.org
Tue Oct 22 12:54:29 UTC 2024
On Mon, 21 Oct 2024 17:28:42 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> more precise exception message
>
> test/jdk/sun/security/x509/X509CRLImpl/UnexpectedCCE.java line 46:
>
>> 44: // "class sun.security.x509.OIDName cannot be cast
>> 45: // to class sun.security.x509.X500Name"
>> 46: byte[] encoded_1 = Base64.getDecoder().decode("""
>
> Could you add some comments before this line and line 59 as to what is in the CRL that makes the format invalid? (Ex: This CRL contains a CertificateIssuerExtension that is not compliant with RFC 5280 because it does not contain a DN)
The CRL is being constructed from a fuzzed data input stream. All I know is that the name in the CertificateIssuerExtension looks like an x509.OIDName in the first test, and in the second test it looks like an x509.X400Address.
I can add these two comments to the test:
"Fuzzed data input stream looks like an x509.OIDName." and
"Fuzzed data input stream looks like an x509.X400Address.".
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20528#discussion_r1810667864
More information about the security-dev
mailing list