Skip to content

Commit

Permalink
8267860: Off-by-one bug when searching arrays in AlpnGreaseTest
Browse files Browse the repository at this point in the history 
Co-authored-by: Bradford Wetmore <wetmore@openjdk.org>
Reviewed-by: wetmore
  • Loading branch information
@driverkt
driverkt and Bradford Wetmore committed Jun 13, 2022
1 parent 4aede33 commit 2adef6a
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -83,7 +83,7 @@ public class AlpnGreaseTest implements SSLContextTemplate {
new String(greaseBytes, StandardCharsets.ISO_8859_1);

private static void findGreaseInClientHello(byte[] bytes) throws Exception {
for (int i = 0; i < bytes.length - greaseBytes.length; i++) {
for (int i = 0; i < bytes.length - greaseBytes.length + 1; i++) {

This comment has been minimized.

Sign in to view

Copy link
@rgiulietti

rgiulietti Jun 13, 2022

Contributor

What about
for (int i = 0; i <= bytes.length - greaseBytes.length; i++) {
The final + 1 addition could perhaps overflow in some admittedly rare circumstances
if (Arrays.equals(bytes, i, i + greaseBytes.length,
greaseBytes, 0, greaseBytes.length)) {
System.out.println("Found greaseBytes in ClientHello at: " + i);
Expand Down

3 comments on commit 2adef6a

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

@TheRealMDoerr
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk17u-dev

@openjdk
Copy link

@openjdk openjdk bot commented on 2adef6a Aug 7, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TheRealMDoerr the backport was successfully created on the branch TheRealMDoerr-backport-2adef6a1 in my personal fork of openjdk/jdk17u-dev. To create a pull request with this backport targeting openjdk/jdk17u-dev:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 2adef6a1 from the openjdk/jdk repository.

The commit being backported was authored by Kevin Driver on 13 Jun 2022 and was reviewed by Bradford Wetmore.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk17u-dev:

$ git fetch https://github.com/openjdk-bots/jdk17u-dev.git TheRealMDoerr-backport-2adef6a1:TheRealMDoerr-backport-2adef6a1
$ git checkout TheRealMDoerr-backport-2adef6a1
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk17u-dev.git TheRealMDoerr-backport-2adef6a1

Please sign in to comment.