RFR: 8336665: CCE in X509CRLImpl$TBSCertList.getCertIssuer [v6]
Sean Mullan
mullan at openjdk.org
Tue Oct 22 14:30:35 UTC 2024
On Tue, 22 Oct 2024 12:51:45 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> test/jdk/sun/security/x509/X509CRLImpl/UnexpectedCCE.java line 46:
>>
>>> 44: // "class sun.security.x509.OIDName cannot be cast
>>> 45: // to class sun.security.x509.X500Name"
>>> 46: byte[] encoded_1 = Base64.getDecoder().decode("""
>>
>> Could you add some comments before this line and line 59 as to what is in the CRL that makes the format invalid? (Ex: This CRL contains a CertificateIssuerExtension that is not compliant with RFC 5280 because it does not contain a DN)
>
> The CRL is being constructed from a fuzzed data input stream. All I know is that the name in the CertificateIssuerExtension looks like an x509.OIDName in the first test, and in the second test it looks like an x509.X400Address.
>
> I can add these two comments to the test:
> "Fuzzed data input stream looks like an x509.OIDName." and
> "Fuzzed data input stream looks like an x509.X400Address.".
Yes, I think that would be helpful, but also say that these are in the CertificateIssuerExtension so it is more clear what part of the CRL is being tested for parsing issues.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20528#discussion_r1810840395
More information about the security-dev
mailing list