Oops. Better to throw an IOException when a negative length is given to
readFully.
Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.02/
On 7/18/2017 1:55 PM, Adam Petcher wrote:
Some additional investigation revealed that IOUtils.readFully() is
only used by DER, JKS, and Kerberos. None of these need the "read to
the end of the buffer" feature. This behavior of readFully() is
confusing, so it is probably best to remove it.
Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.01/
On 7/12/2017 2:38 PM, Adam Petcher wrote:
This is a bug fix for a corner case in which a DER value has length
equal to Integer.MAX_VALUE. The code uses IOUtils.readFully() to read
the value, which interprets length=Integer.MAX_VALUE to mean "read to
the end." The result is that no exception will be thrown when fewer
then Integer.MAX_VALUE bytes are read from the stream. The fix adds a
check after the readFully() to ensure that the expected number of
bytes were read.
Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.00/
JBS: https://bugs.openjdk.java.net/browse/JDK-8183591
