bug-classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug crypto/28204] PBEKeySpec incorrectly deletes the originally passed

From: mwringe at redhat dot com
Subject: [Bug crypto/28204] PBEKeySpec incorrectly deletes the originally passed password array
Date: 6 Jul 2006 18:00:15 -0000 

------- Comment #10 from mwringe at redhat dot com  2006-07-06 18:00 -------
...
> on the PBEKeySpec:
> 
> * i don't think cloning the password and salt at construction is enough.  the
> code for getPassword() and getSalt() should still return a clone of the 
> arrays.
>  if this is the case, my patch/diff comparator did not show it.  the cloning 
> is
> necessary to guard againt either of these entities being changed between
> consecutive invocations of those methods.
> 
> * minor nit: you probably can reduce code duplication by confining all the
> correctness checking code in one method; e.g. checkParams() or the like, which
> can be called in each constructor.
> 
...

An updated patch can be found here:
http://developer.classpath.org/pipermail/classpath-patches/attachments/20060706/22dc056c/Crypto-PBEKeySpec.bin

A copy of salt and password are now returned when its get method is called. It
now follows the proper behaviour.

The code has also been cleaned up to reduce code duplication. Instead of
checking for argument validity in each constructor, the constructors now call a
private set method that does the checking and throws any errors if necessary.

Any other suggestions?


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28204
reply via email to
[Prev in Thread] Current Thread [Next in Thread]