Some additional investigation revealed that IOUtils.readFully() is only
used by DER, JKS, and Kerberos. None of these need the "read to the end
of the buffer" feature. This behavior of readFully() is confusing, so it
is probably best to remove it.
Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.01/
On 7/12/2017 2:38 PM, Adam Petcher wrote:
This is a bug fix for a corner case in which a DER value has length
equal to Integer.MAX_VALUE. The code uses IOUtils.readFully() to read
the value, which interprets length=Integer.MAX_VALUE to mean "read to
the end." The result is that no exception will be thrown when fewer
then Integer.MAX_VALUE bytes are read from the stream. The fix adds a
check after the readFully() to ensure that the expected number of
bytes were read.
Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.00/
JBS: https://bugs.openjdk.java.net/browse/JDK-8183591
