Lorenz Quack created QPID-7470:
----------------------------------
Summary: [Java Broker] Address javax.xml.bind.DatatypeConverter
shortcomings
Key: QPID-7470
URL: https://issues.apache.org/jira/browse/QPID-7470
Project: Qpid
Issue Type: Task
Components: Java Broker
Reporter: Lorenz Quack
javax.xml.bind.DatatypeConverterImpl#parseBase64Binary has shortcomings that we
should address. It does not (as the java docs suggest) throw
IllegalArgumentException when the argument contains characters outside the
valid base64 value space. Instead it will skip invalid characters in the
(7-bit) ASCII range and throw a ArrayIndexOutOfBoundsException on non-ASCII
characters.
We should guard against these cases. Maybe by wrapping
javax.xml.bind.DatatypeConverterImpl in our own class and doing input
validation there.
See also (https://bugs.openjdk.java.net/browse/JDK-8168456)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
