archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption

Browse source 
Reviewed-by: ascarpino
This commit is contained in:
Sebastian Stenzel 2022-01-28 16:42:42 +00:00 committed by Anthony Scarpino
parent cb8a82ee24
commit 409382ba4b
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -812,10 +812,13 @@ final class CipherCore {
if (outputCapacity < estOutSize) {
cipher.save();
}
// create temporary output buffer if the estimated size is larger
// than the user-provided buffer.
internalOutput = new byte[estOutSize];
offset = 0;
if (outputCapacity < estOutSize || padding != null) {
// create temporary output buffer if the estimated size is larger
// than the user-provided buffer or a padding needs to be removed
// before copying the unpadded result to the output buffer
internalOutput = new byte[estOutSize];
offset = 0;
}
}
byte[] outBuffer = (internalOutput != null) ? internalOutput : output;