You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@harmony.apache.org by Denis Kishenko <dk...@gmail.com> on 2006/08/09 13:49:04 UTC
Re: [jira] Created: (HARMONY-1120) [class][security] MessageDigest.update(byte[], int, int) incompatible with RI exceptions
RI java.security.MessageDigest.update() doesn't check input parameters
if they are negative, but Harmony does and throw IAE for next code
MessageDigest.getInstance("SHA").update(new byte[] {2,2}, 0, -100);
MessageDigest.getInstance("SHA").update(new byte[] {2,2}, -100, 57);
Spec doesn't mention anything about any exceptions. I filed this issue
as non-bug difference.
Does anybody have objections?
2006/8/9, Denis Kishenko (JIRA) <ji...@apache.org>:
> [class][security] MessageDigest.update(byte[], int, int) incompatible with RI exceptions
> ----------------------------------------------------------------------------------------
>
> Key: HARMONY-1120
> URL: http://issues.apache.org/jira/browse/HARMONY-1120
> Project: Harmony
> Issue Type: Bug
> Components: Non-bug differences from RI
> Reporter: Denis Kishenko
>
>
> Seems like RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior.
>
> ------------------------------------ Test -------------------------------------------
>
> import java.security.MessageDigest;
>
> public class bug9429 {
>
> public static void main (String[] args) {
> // len <0; RI does not throw exception
> try {
> System.err.println("1");
> MessageDigest.getInstance("SHA").update(new byte[] {2,2}, 0, -100);
> } catch (Exception e) {
> e.printStackTrace();
> }
> // RI and Harmony throws IllegalArgumentException
> try {
> System.err.println("2");
> MessageDigest.getInstance("SHA").update(new byte[] {2,2}, 0, 5);
> } catch (Exception e) {
> e.printStackTrace();
> }
> // RI throws ArrayIndexOutOfBoundsException; Harmony throws IllegalArgumentException
> // off <0
> try {
> System.err.println("3");
> MessageDigest.getInstance("SHA").update(new byte[] {2,2}, -100, 57);
> } catch (Exception e) {
> e.printStackTrace();
> }
> }
> }
>
> ------------------------ Output ----------------------------------------
>
> RI
> 1
> 2
> java.lang.IllegalArgumentException: Input buffer too short
> at java.security.MessageDigest.update(MessageDigest.java:267)
> at bug9429.main(bug9429.java:16)
> 3
> java.lang.ArrayIndexOutOfBoundsException
> at java.lang.System.arraycopy(Ljava.lang.Object;ILjava.lang.Object;II)V(Unknown Source)
> at sun.security.provider.DigestBase.engineUpdate(DigestBase.java:120)
> at java.security.MessageDigest$Delegate.engineUpdate(MessageDigest.java:523)
> at java.security.MessageDigest.update(MessageDigest.java:269)
> at bug9429.main(bug9429.java:24)
>
> Harmony
> 1
> java.lang.IllegalArgumentException: Incorrect offset/len parameters
> at java.security.MessageDigest.update(MessageDigest.java:169)
> at bug9429.main(bug9429.java:9)
> 2
> java.lang.IllegalArgumentException: Incorrect offset/len parameters
> at java.security.MessageDigest.update(MessageDigest.java:169)
> at bug9429.main(bug9429.java:16)
> 3
> java.lang.IllegalArgumentException: Incorrect offset/len parameters
> at java.security.MessageDigest.update(MessageDigest.java:169)
> at bug9429.main(bug9429.java:24)
>
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>
--
Denis M. Kishenko
Intel Middleware Products Division
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org