bug-classpath
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug crypto/28204] PBEKeySpec incorrectly deletes the originally passed


From: raif at swiftdsl dot com dot au
Subject: [Bug crypto/28204] PBEKeySpec incorrectly deletes the originally passed password array
Date: 30 Jun 2006 22:54:47 -0000


------- Comment #6 from raif at swiftdsl dot com dot au  2006-06-30 22:54 
-------
(In reply to comment #5)
> An update patch can be found here:
> 
> http://developer.classpath.org/pipermail/classpath-patches/attachments/20060629/37ada768/Crypto-PBEKeySpec.bin

looking at the javadoc of the RI, i feel that the [salt] suffers from the same
defect as the [password].  i'm sure one can show that in a testlet and include
in the fix cloning the salt's byte array if it's not null.

thoughts?


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28204





reply via email to

[Prev in Thread] Current Thread [Next in Thread]