Re: RFR JDK-8003245

Chris Hegarty Thu, 30 May 2013 09:11:42 -0700

[cc'ing security-dev since this change is in their area]


John,

http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/

The changes in your above webrev look fine to me. I can sponsor this foryou, unless someone from the security area wants to, or even additionalreviews.


-Chris.


On 03/27/2013 04:30 PM, John Zavgren wrote:

Florian:

Yes, the uninitialized memory will be accessed in some cases, for example:
@@ -1733,10 +1747,12 @@
      CK_X9_42_DH1_DERIVE_PARAMS ckParam;
      jfieldID fieldID;
      jlong jKdf;
      jobject jOtherInfo, jPublicData;

+    memset(&ckParam, 0, sizeof(CK_X9_42_DH1_DERIVE_PARAMS));<--- added 
initialization
+
      /* get kdf */
      jX942Dh1DeriveParamsClass = (*env)->FindClass(env, 
CLASS_X9_42_DH1_DERIVE_PARAMS);
      if (jX942Dh1DeriveParamsClass == NULL) { return ckParam; }
      fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "kdf", "J");
      if (fieldID == NULL) { return ckParam; }

----- Original Message -----
From: fwei...@redhat.com
To: john.zavg...@oracle.com
Cc: core-libs-...@openjdk.java.net
Sent: Wednesday, March 27, 2013 11:48:57 AM GMT -05:00 US/Canada Eastern
Subject: Re: RFR JDK-8003245

On 03/20/2013 04:27 PM, John Zavgren wrote:

Please consider the following changes that eliminate the use of uninitialized 
memory.

http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/


Is the uninitialized memory accessed on the error paths?

Re: RFR JDK-8003245

Reply via email to