harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Denis Kishenko" <dkishe...@gmail.com>
Subject Re: [jira] Created: (HARMONY-1120) [class][security] MessageDigest.update(byte[], int, int) incompatible with RI exceptions
Date Wed, 09 Aug 2006 11:49:04 GMT
RI java.security.MessageDigest.update() doesn't check input parameters
if they are negative, but Harmony does and throw IAE for next code

MessageDigest.getInstance("SHA").update(new byte[] {2,2}, 0, -100);
MessageDigest.getInstance("SHA").update(new byte[] {2,2},  -100, 57);

Spec doesn't mention anything about any exceptions. I filed this issue
as non-bug difference.

Does anybody have objections?

2006/8/9, Denis Kishenko (JIRA) <jira@apache.org>:
> [class][security] MessageDigest.update(byte[], int, int) incompatible with RI exceptions
> ----------------------------------------------------------------------------------------
>
>                 Key: HARMONY-1120
>                 URL: http://issues.apache.org/jira/browse/HARMONY-1120
>             Project: Harmony
>          Issue Type: Bug
>          Components: Non-bug differences from RI
>            Reporter: Denis Kishenko
>
>
> Seems like RI doesn't check if offset and len are negative but Harmony does, so we have
difference in behavior.
>
> ------------------------------------ Test -------------------------------------------
>
> import java.security.MessageDigest;
>
> public class bug9429 {
>
>    public static void main (String[] args) {
>        // len <0; RI does not throw exception
>        try {
>            System.err.println("1");
>            MessageDigest.getInstance("SHA").update(new byte[] {2,2}, 0, -100);
>        } catch (Exception e) {
>            e.printStackTrace();
>        }
>        // RI and Harmony throws IllegalArgumentException
>        try {
>            System.err.println("2");
>            MessageDigest.getInstance("SHA").update(new byte[] {2,2}, 0, 5);
>        } catch (Exception e) {
>            e.printStackTrace();
>        }
>        // RI throws ArrayIndexOutOfBoundsException; Harmony throws IllegalArgumentException
>        // off <0
>        try {
>            System.err.println("3");
>            MessageDigest.getInstance("SHA").update(new byte[] {2,2},  -100, 57);
>        } catch (Exception e) {
>            e.printStackTrace();
>        }
>    }
> }
>
> ------------------------ Output ----------------------------------------
>
> RI
> 1
> 2
> java.lang.IllegalArgumentException: Input buffer too short
>                        at java.security.MessageDigest.update(MessageDigest.java:267)
>                        at bug9429.main(bug9429.java:16)
> 3
> java.lang.ArrayIndexOutOfBoundsException
>                        at java.lang.System.arraycopy(Ljava.lang.Object;ILjava.lang.Object;II)V(Unknown
Source)
>                        at sun.security.provider.DigestBase.engineUpdate(DigestBase.java:120)
>                        at java.security.MessageDigest$Delegate.engineUpdate(MessageDigest.java:523)
>                        at java.security.MessageDigest.update(MessageDigest.java:269)
>                        at bug9429.main(bug9429.java:24)
>
> Harmony
> 1
> java.lang.IllegalArgumentException: Incorrect offset/len parameters
>                        at java.security.MessageDigest.update(MessageDigest.java:169)
>                        at bug9429.main(bug9429.java:9)
> 2
> java.lang.IllegalArgumentException: Incorrect offset/len parameters
>                        at java.security.MessageDigest.update(MessageDigest.java:169)
>                        at bug9429.main(bug9429.java:16)
> 3
> java.lang.IllegalArgumentException: Incorrect offset/len parameters
>                        at java.security.MessageDigest.update(MessageDigest.java:169)
>                        at bug9429.main(bug9429.java:24)
>
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>


-- 
Denis M. Kishenko
Intel Middleware Products Division

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message