Mercurial > hg > release > icedtea7-forest-2.4 > jdk
changeset 7332:ad775235b3f9
8034272: Do not cram data into CRAM arrays
Reviewed-by: vinnie, coffeys, ahgross
author | mbankal |
---|---|
date | Wed, 05 Mar 2014 20:56:53 -0800 |
parents | ab5720f37cd4 |
children | 75ad6f000a10 |
files | src/share/classes/com/sun/security/sasl/CramMD5Base.java |
diffstat | 1 files changed, 11 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/security/sasl/CramMD5Base.java Mon Mar 03 09:21:16 2014 -0800 +++ b/src/share/classes/com/sun/security/sasl/CramMD5Base.java Wed Mar 05 20:56:53 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import java.security.NoSuchAlgorithmException; import java.security.MessageDigest; +import java.util.Arrays; import java.util.logging.Logger; /** @@ -159,7 +160,7 @@ MessageDigest md5 = MessageDigest.getInstance("MD5"); /* digest the key if longer than 64 bytes */ - if (key.length > 64) { + if (key.length > MD5_BLOCKSIZE) { key = md5.digest(key); } @@ -169,13 +170,9 @@ int i; /* store key in pads */ - for (i = 0; i < MD5_BLOCKSIZE; i++) { - for ( ; i < key.length; i++) { - ipad[i] = key[i]; - opad[i] = key[i]; - } - ipad[i] = 0x00; - opad[i] = 0x00; + for (i = 0; i < key.length; i++) { + ipad[i] = key[i]; + opad[i] = key[i]; } /* XOR key with pads */ @@ -207,6 +204,11 @@ } } + Arrays.fill(ipad, (byte)0); + Arrays.fill(opad, (byte)0); + ipad = null; + opad = null; + return (digestString.toString()); }