dghgit commented on issue #455: URL: https://github.com/apache/mina-sshd/issues/455#issuecomment-1912009349
The following in BaseCipher: ``` public void update(byte[] input, int inputOffset, int inputLen) throws Exception { cipher.update(input, inputOffset, inputLen, input, inputOffset); } ``` needs to be: ``` public int update(byte[] input, int inputOffset, int inputLen, int outputOffset) throws Exception { return cipher.update(input, inputOffset, inputLen, input, outputOffset); } ``` The problem is the calling class is assuming it knows how much output it's getting back, something it cannot know unless it can see the return value from cipher.update(). I'd be very suspicous of the second use of inputOffset as well - while it's okay to process in place (so pass the variable input in twice, inputOffset is unlikely to represent the correct offset that any output from the cipher.update() will be written to, the output offset needs to be passed in as well (after the call above, inputOffset can be safely incremented by inputLen, outputOffset would be incremented by the return value from BaseCipher.update()). The same usage constraints are required for doFinal(). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org