[JDK-8217344] Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret() - Java Bug System

XML
Word
Printable

Details

Type: Bug
Status: Closed
Priority: P4
Resolution: Fixed
Affects Version/s: 8, 11, 12
Fix Version/s: 13
Component/s: security-libs
Labels:

Subcomponent:
javax.crypto
Resolved In Build:
b05
Verification:
Not verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8225728	11.0.5	Ivan Gerasimov	P4	Resolved	Fixed	b01

Description

This is analogous to what was done in XDHKeyAgreement::engineGenerateSecret via ~~JDK-8201317~~.

- if (offset + secretLen > sharedSecret.length) {
+ if (secretLen > sharedSecret.length - offset) {

Attachments

Issue Links

backported by

JDK-8225728 Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret()

Resolved

Activity

People

Assignee:

Ivan Gerasimov

Reporter:

Ivan Gerasimov

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2019-01-17 13:22

Updated:

2019-06-13 09:25

Resolved:

2019-01-18 15:47