-
Bug
-
Resolution: Fixed
-
P4
-
1.4.0
-
None
-
hopper
-
generic
-
generic
SSLInputStream contains the following "stylistic problems":
. declares "protected InputRecord r", should be package private
. "// NOTE: subclassers implement two read() calls and close()." Should put in "public abstract close() throws IOException" etc. to actually enforce that (BTW, HandshakeInStream subclass does not implement close)
. It contains some code to handle mark() and reset(), but AppInputStream overrides that to disable mark() support again. This entire code should be removed to inherit default non-mark support from InputStream.
. from getBytes16():
int len = getInt16();
byte b [] = new byte [len];
getInt16() returns a short, that means values > 16383 will be sign extented to a negative int and cause a NegativeArraySizeException during the Handshake (currently, this will never happen because no values this large are transmitted during a normal handshake).
. declares "protected InputRecord r", should be package private
. "// NOTE: subclassers implement two read() calls and close()." Should put in "public abstract close() throws IOException" etc. to actually enforce that (BTW, HandshakeInStream subclass does not implement close)
. It contains some code to handle mark() and reset(), but AppInputStream overrides that to disable mark() support again. This entire code should be removed to inherit default non-mark support from InputStream.
. from getBytes16():
int len = getInt16();
byte b [] = new byte [len];
getInt16() returns a short, that means values > 16383 will be sign extented to a negative int and cause a NegativeArraySizeException during the Handshake (currently, this will never happen because no values this large are transmitted during a normal handshake).