-
Bug
-
Resolution: Fixed
-
P4
-
1.4.0
-
None
-
beta2
-
generic
-
generic
While auditing JSSE BlockCipherBox class inside CipherBox.java, its method
addPadding(byte[], int, int) contains a checking which doesn't seem to be correct.
Current code has:
if (buf.length < newlen)
throw new IllegalArgumentException ("no space to pad buffer");
which should be fixed to the following:
if (buf.length - offset < newlen)
throw new IllegalArgumentException ("no space to pad buffer");
A simple grep on the caller of this method, it seems that the offset is 0 when called and this is probably why the bug didn't show up at runtime...
addPadding(byte[], int, int) contains a checking which doesn't seem to be correct.
Current code has:
if (buf.length < newlen)
throw new IllegalArgumentException ("no space to pad buffer");
which should be fixed to the following:
if (buf.length - offset < newlen)
throw new IllegalArgumentException ("no space to pad buffer");
A simple grep on the caller of this method, it seems that the offset is 0 when called and this is probably why the bug didn't show up at runtime...