Hi!

The ASN1InputStream implementation currently re-uses a set of shared buffers 
(byte[][] tmpBuffers) when parsing DerBooleans, DerEnumerateds and 
DerObjectIdentifiers.

One problem with this approach is that the constructor for DerEnumerated that 
takes a byte[] as its argument  only stores a reference to the byte[] without 
actually copying the data, meaning should another DerBoolean, DerEnumerated or 
DerObjectIdentifier with the same length occur in the type being parsed, the 
DerEnumerated value will be overwritten, since the same shared buffer is 
re-used.

I stumbled upon this when trying to parse a SEQUENCE containing first an 
ENUMERATED and then a false BOOLEAN. The enum would always end up as 0, no 
matter which value was used.

The simplest solution would be to simple copy the input array in the 
DerEnumerated constructor (which is what the DerObjectIdentifier constructor 
does), but I'm not sure if that would be the optimal approach, since that would 
effectively be "working around" the optimization with the temp buffers.

Best regards,

Oscar Jacobsson

Reply via email to