Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P4
-
Resolution: Fixed
-
Affects Version/s: 8u172, 9
-
Fix Version/s: 10
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Resolved In Build:b17
-
Verification:Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8239204 | openjdk8u252 | Andrew Hughes | P4 | Resolved | Fixed | b03 |
JDK-8237174 | openjdk8u242 | Andrew Hughes | P4 | Resolved | Fixed | b07 |
JDK-8240000 | openjdk7u | Andrew Hughes | P4 | Resolved | Fixed | master |
Description
When a DER value has a length equal to Integer.MAX_VALUE, the code will read until the end of the buffer. This read will succeed when the buffer has fewer bytes than Integer.MAX_VALUE. The correct behavior is to throw an exception in this circumstance.
Attachments
Issue Links
- backported by
-
JDK-8237174 Incorrect behavior when reading DER value with Integer.MAX_VALUE length
-
- Resolved
-
-
JDK-8239204 Incorrect behavior when reading DER value with Integer.MAX_VALUE length
-
- Resolved
-
-
JDK-8240000 Incorrect behavior when reading DER value with Integer.MAX_VALUE length
-
- Resolved
-
- relates to
-
JDK-8236983 [TESTBUG] Remove pointless catch block in test/jdk/sun/security/util/DerValue/BadValue.java
-
- Resolved
-