|
| From: | raif at swiftdsl dot com dot au |
| Subject: | [Bug crypto/28204] PBEKeySpec incorrectly deletes the originally passed password array |
| Date: | 30 Jun 2006 22:54:47 -0000 |
------- Comment #6 from raif at swiftdsl dot com dot au 2006-06-30 22:54 ------- (In reply to comment #5) > An update patch can be found here: > > http://developer.classpath.org/pipermail/classpath-patches/attachments/20060629/37ada768/Crypto-PBEKeySpec.bin looking at the javadoc of the RI, i feel that the [salt] suffers from the same defect as the [password]. i'm sure one can show that in a testlet and include in the fix cloning the salt's byte array if it's not null. thoughts? -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28204
| [Prev in Thread] | Current Thread | [Next in Thread] |