dghgit commented on issue #455:
URL: https://github.com/apache/mina-sshd/issues/455#issuecomment-1912009349

     The following in BaseCipher:
      public void update(byte[] input, int inputOffset, int inputLen) throws 
Exception {
           cipher.update(input, inputOffset, inputLen, input, inputOffset);
   needs to be:
       public int update(byte[] input, int inputOffset, int inputLen, int 
outputOffset) throws Exception {
           return cipher.update(input, inputOffset, inputLen, input, 
   The problem is the calling class is assuming it knows how much output it's 
getting back, something it cannot know unless it can see the return value from 
cipher.update(). I'd be very suspicous of the second use of inputOffset as well 
- while it's okay to process in place (so pass the variable input in twice, 
inputOffset is unlikely to represent the correct offset that any output from 
the cipher.update() will be written to, the output offset needs to be passed in 
as well (after the call above, inputOffset can be safely incremented by 
inputLen, outputOffset would be incremented by the return value from 
   The same usage constraints are required for doFinal().

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org

For queries about this service, please contact Infrastructure at:

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to