6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
authorvaleriep
Mon, 31 Mar 2008 16:12:37 -0700
changeset 296 a26e4ea2ca63
parent 294 61e9ed3ce684
child 297 bec12c857972
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data Summary: Fixed PKCS5Padding class with additional check and throw BadPaddingException if the check failed Reviewed-by: wetmore
jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Mar 31 11:09:57 2008 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Mar 31 16:12:37 2008 -0700
@@ -72,7 +72,7 @@
 
         // DEC: return the length of trailing padding bytes given the specified
         // padded data
-        int unpad(byte[] paddedData, int ofs, int len)
+        int unpad(byte[] paddedData, int len)
                 throws BadPaddingException;
     }
 
@@ -94,14 +94,17 @@
             return padLen;
         }
 
-        public int unpad(byte[] paddedData, int ofs, int len)
+        public int unpad(byte[] paddedData, int len)
                 throws BadPaddingException {
-            byte padValue = paddedData[ofs + len - 1];
+            if (len < 1 || len > paddedData.length) {
+                throw new BadPaddingException("Invalid pad array length!");
+            }
+            byte padValue = paddedData[len - 1];
             if (padValue < 1 || padValue > blockSize) {
                 throw new BadPaddingException("Invalid pad value!");
             }
             // sanity check padding bytes
-            int padStartIndex = ofs + len - padValue;
+            int padStartIndex = len - padValue;
             for (int i = padStartIndex; i < len; i++) {
                 if (paddedData[i] != padValue) {
                     throw new BadPaddingException("Invalid pad bytes!");
@@ -712,7 +715,7 @@
                     }
                     k += token.p11.C_DecryptFinal(session.id(), 0, padBuffer, k,
                             padBuffer.length - k);
-                    int actualPadLen = paddingObj.unpad(padBuffer, 0, k);
+                    int actualPadLen = paddingObj.unpad(padBuffer, k);
                     k -= actualPadLen;
                     System.arraycopy(padBuffer, 0, out, outOfs, k);
                 } else {
@@ -781,7 +784,7 @@
                     }
                     k += token.p11.C_DecryptFinal(session.id(),
                             0, padBuffer, k, padBuffer.length - k);
-                    int actualPadLen = paddingObj.unpad(padBuffer, 0, k);
+                    int actualPadLen = paddingObj.unpad(padBuffer, k);
                     k -= actualPadLen;
                     outArray = padBuffer;
                     outOfs = 0;