archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 14:54:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8300416: java.security.MessageDigestSpi clone can result in thread-unsafe clones

Browse source 
Reviewed-by: mullan
This commit is contained in:
Mark Powers 2023-02-07 17:40:22 +00:00 committed by Sean Mullan
parent a73d012c72
commit 2e2e71e1fa
2 changed files with 64 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/java.base/share/classes/java/security/MessageDigestSpi.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -205,7 +205,15 @@ public abstract class MessageDigestSpi {
*/
public Object clone() throws CloneNotSupportedException {
if (this instanceof Cloneable) {
return super.clone();
MessageDigestSpi o = (MessageDigestSpi)super.clone();
if (o.tempArray != null) {
// New byte arrays are allocated when the ByteBuffer argument
// to engineUpdate is not backed by a byte array.
// Here, the newly allocated byte array must also be cloned
// to prevent threads from sharing the same memory.
o.tempArray = tempArray.clone();
}
return o;
} else {
throw new CloneNotSupportedException();
}