Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P4
-
Resolution: Fixed
-
Affects Version/s: 8, 11, 12
-
Fix Version/s: 13
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b05
-
Verification:Not verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8253163 | 11.0.10-oracle | Prajwal Kumaraswamy | P4 | Resolved | Fixed | b01 |
JDK-8225728 | 11.0.5 | Ivan Gerasimov | P4 | Resolved | Fixed | b01 |
Description
This is analogous to what was done in XDHKeyAgreement::engineGenerateSecret via JDK-8201317.
- if (offset + secretLen > sharedSecret.length) {
+ if (secretLen > sharedSecret.length - offset) {
- if (offset + secretLen > sharedSecret.length) {
+ if (secretLen > sharedSecret.length - offset) {
Attachments
Issue Links
- backported by
-
JDK-8225728 Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret()
-
- Resolved
-
-
JDK-8253163 Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret()
-
- Resolved
-