- Type: Bug
- Resolution: Fixed
- Priority: P4
- Affects Version/s: 1.4.0
- Component/s: security-libs
- None
- beta2
- generic
- generic

Found while auditing the JSSE BlockCipherBox class inside CipherBox.java: its method addPadding(byte[], int, int) contains a check which doesn't seem to be correct.

Current code has:

    if (buf.length < newlen)
        throw new IllegalArgumentException("no space to pad buffer");

which should be fixed to the following:

    if (buf.length - offset < newlen)
        throw new IllegalArgumentException("no space to pad buffer");

A simple grep on the callers of this method suggests that the offset is 0 when called, which is probably why the bug didn't show up at runtime...
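
The difference between the two checks only appears with a non-zero offset. The following is an added illustration, not the JSSE source: the class name, the fixed block size passed as a parameter, the fixedCheck flag and the padding byte value are assumptions made for the demo.

```java
import java.util.Arrays;

public class PadCheckDemo {
    // Hypothetical stand-in for a block-cipher padder (not the JSSE code).
    // Pads the data at buf[offset .. offset+len) in place up to a multiple
    // of blockSize and returns the padded length.
    static int addPadding(byte[] buf, int offset, int len,
                          int blockSize, boolean fixedCheck) {
        // Padding always adds between 1 and blockSize bytes.
        int newlen = len + blockSize - (len % blockSize);

        // Reported check: compares against the whole array.
        // Proposed check: compares against the space left after offset.
        int available = fixedCheck ? buf.length - offset : buf.length;
        if (available < newlen) {
            throw new IllegalArgumentException("no space to pad buffer");
        }

        // Assumed padding scheme: each pad byte holds (pad count - 1).
        byte pad = (byte) (newlen - len - 1);
        // Arrays.fill rejects a range that runs past the end of the array.
        Arrays.fill(buf, offset + len, offset + newlen, pad);
        return newlen;
    }

    // Runs one case on a constructed 16-byte buffer holding 5 data bytes.
    static String outcome(int offset, boolean fixedCheck) {
        byte[] buf = new byte[16];
        try {
            return "padded to " + addPadding(buf, offset, 5, 8, fixedCheck);
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        for (int offset : new int[] {0, 12}) {
            System.out.println("offset=" + offset
                + " reported check: " + outcome(offset, false)
                + " | proposed check: " + outcome(offset, true));
        }
    }
}
```

With offset 0 both checks behave the same, which matches the observation that existing callers never hit the problem. With offset 12 the reported check passes and the failure surfaces later as an index error from the write, while the proposed check rejects the call up front with the intended IllegalArgumentException.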