harmony-dev mailing list archives

From "Denis Kishenko" <dkishe...@gmail.com>
Subject Re: [classlib][security] Exception compatibility
Date Tue, 05 Sep 2006 07:31:03 GMT
Boris, thank you for your question. I asked myself the same question
and chose the same answer as you. Unfortunately, as people wrote above,
we were wrong and they are reasonable.

I have already written a patch for HARMONY-1120 to follow RI behavior.

2006/9/5, Stepan Mishura <stepan.mishura@gmail.com>:
> On 9/4/06, Boris Kuznetsov wrote:
> >
> > Usually Harmony behavior is compared with RI behavior. But in security
> > area RI behavior depends on provider. With different providers RI
> > behave differently.
> >
> > For example, RI passes incorrect method arguments to provider. In such
> > cases provider may throw exception (e.g. DigestException or
> > IllegalArgumentException) or some RuntimeException (e.g.
> > ArrayIndexOutOfBoundsException) may be thrown during the execution.
> > Here is example.
> >
> > There are a number of methods with arguments like (byte[] buf, int
> > offset, int len). RI doesn't check if offset and len are negative but
> > Harmony does, so we have difference in behavior (see Harmony-1120,
> > 1148): on combination RI + provider application gets provider specific
> > exception, but on Harmony + provider - IllegalArgumentException (as in
> > other invalid parameters cases).
> >
> > So we have two options:
> > 1. Fix Harmony (remove negative parameters checks)
> > 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> > Document as non-bug difference from RI.
>
>
> Hi, Boris.
>
> We agreed to be exceptions-compatible with RI so we would have chosen the
> first option. But I think that the first option is not suitable. I'll try to
> explain why. I have a look at MessageDigest.java and mentioned JIRAs: so
> there are 4 cases when parameters are invalid and an implementation has to
> check if:
> 1) buf - is null
> 2) offset < 0
> 3) len < 0
> 4) offset + len > buf's len
>
> The first option means that we have to remove 2 and 3 checks. And leave 1
> and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is
> only valid if offset and len params are correct. IMO choosing the first
> option is copying inconsistent behaviour. So I vote for the second option.
>
> Thanks,
> Stepan.
>
> > Note, specification doesn't describe implementation behavior for
> > invalid arguments, but RI also throws IllegalArgumentException if
> > offset+len > buf.length. So throwing of IllegalArgumentException in
> > Harmony can't break any application.
> >
> > I suggest option 2.
> > Thoughts?
> >
> > Thanks,
> > Boris
> >
> > ------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>


-- 
Denis M. Kishenko
Intel Middleware Products Division
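
The point made in the quoted reply, that check 4 (offset + len > buf's len) is meaningless without checks 2 and 3, shown as an added example that is not part of this message and is not Harmony or RI code. The class and method names are hypothetical, the NullPointerException for a null buf is this example's choice, and the integer-overflow case goes beyond what the thread discusses.

```java
import java.util.Objects;

public class RangeCheckDemo {
    // Check 4 alone, as the thread describes it (hypothetical helper, not RI code).
    static boolean passesCheck4Only(byte[] buf, int offset, int len) {
        return !(offset + len > buf.length);
    }

    // Checks 1-4 together. Check 4 is written as a subtraction so it cannot
    // overflow once offset and len are known to be non-negative.
    static void checkAll(byte[] buf, int offset, int len) {
        Objects.requireNonNull(buf, "buf");                   // check 1 (NPE is this example's choice)
        if (offset < 0) {                                     // check 2
            throw new IllegalArgumentException("offset < 0");
        }
        if (len < 0) {                                        // check 3
            throw new IllegalArgumentException("len < 0");
        }
        if (len > buf.length - offset) {                      // check 4
            throw new IllegalArgumentException("offset + len > buf.length");
        }
    }

    static boolean passesAll(byte[] buf, int offset, int len) {
        try {
            checkAll(buf, offset, len);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        byte[] buf = new byte[4];       // constructed sample buffer
        int[][] cases = {
            {0, 4},                     // valid: the whole buffer
            {-1, 2},                    // negative offset, sum is 1
            {6, -3},                    // negative len, sum is 3
            {Integer.MAX_VALUE, 1},     // sum wraps around to Integer.MIN_VALUE
            {2, 3},                     // plain overrun, sum is 5
        };
        for (int[] c : cases) {
            System.out.printf("offset=%d len=%d  check4-only=%b  all-checks=%b%n",
                    c[0], c[1], passesCheck4Only(buf, c[0], c[1]), passesAll(buf, c[0], c[1]));
        }
    }
}
```

With check 4 alone, the negative-offset, negative-len and wrap-around inputs all pass and reach the provider; with all four checks, only the first case passes.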
