<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>On 7/12/2017 6:27 PM, Bernd Eckenfels wrote:<br>
</p>
<blockquote
cite="mid:HE1PR08MB279581BC833E9F8D6097E782FFAF0@HE1PR08MB2795.eurprd08.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
<div>
<div id="x_compose-container" itemscope=""
itemtype="https://schema.org/EmailMessage"
style="direction:ltr">
<span itemprop="creator" itemscope=""
itemtype="https://schema.org/Organization"><span
itemprop="name"></span></span>
<div>
<div style="direction:ltr">
<div style="direction:ltr">BTW: Can in.available() be <
length as well? In that case then exception before your
changed line would be misleading.</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
Yes. I changed the text of that exception to make it a bit more
general, and made the text of the new exception match. <br>
<br>
New webrev: <a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~apetcher/8183591/webrev.01/">http://cr.openjdk.java.net/~apetcher/8183591/webrev.01/</a><br>
<br>
<blockquote
cite="mid:HE1PR08MB279581BC833E9F8D6097E782FFAF0@HE1PR08MB2795.eurprd08.prod.outlook.com"
type="cite">
<div>
<div id="x_compose-container" itemscope=""
itemtype="https://schema.org/EmailMessage"
style="direction:ltr">
<div>
<div style="direction:ltr">
<div>
</div>
<div style="direction:ltr">Gruss</div>
<div style="direction:ltr">Bernd</div>
</div>
<div><br>
</div>
<div class="x_acompli_signature">Gruss<br>
Bernd<br>
-- <br>
<a moz-do-not-send="true" dir="ltr"
href="http://bernd.eckenfels.net">http://bernd.eckenfels.net</a></div>
</div>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b>
security-dev <a class="moz-txt-link-rfc2396E" href="mailto:security-dev-bounces@openjdk.java.net"><security-dev-bounces@openjdk.java.net></a>
on behalf of Adam Petcher <a class="moz-txt-link-rfc2396E" href="mailto:adam.petcher@oracle.com"><adam.petcher@oracle.com></a><br>
<b>Sent:</b> Wednesday, July 12, 2017 8:38:25 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:security-dev@openjdk.java.net">security-dev@openjdk.java.net</a><br>
<b>Subject:</b> RFR 8183591: Incorrect behavior when reading
DER value with Integer.MAX_VALUE length</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">This is a bug fix for a corner case in
which a DER value has length
<br>
equal to Integer.MAX_VALUE. The code uses
IOUtils.readFully() to read <br>
the value, which interprets length=Integer.MAX_VALUE to mean
"read to <br>
the end." The result is that no exception will be thrown
when fewer then <br>
Integer.MAX_VALUE bytes are read from the stream. The fix
adds a check <br>
after the readFully() to ensure that the expected number of
bytes were <br>
read.<br>
<br>
Webrev: <a moz-do-not-send="true"
href="http://cr.openjdk.java.net/%7Eapetcher/8183591/webrev.00/">http://cr.openjdk.java.net/~apetcher/8183591/webrev.00/</a><br>
JBS: <a moz-do-not-send="true"
href="https://bugs.openjdk.java.net/browse/JDK-8183591">https://bugs.openjdk.java.net/browse/JDK-8183591</a><br>
<br>
</div>
</span></font>
</blockquote>
<br>
</body>
</html>