Skip to content

Commit 9c35d59

Browse files
Scott GibbonsRealCLanger
Scott Gibbons
authored andcommitted
8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption
Backport-of: 409382ba4b43bf48ed0086020dd20641effd35b6
1 parent 53caaf5 commit 9c35d59

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java

+8-5
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -813,10 +813,13 @@ int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output,
813813
if (outputCapacity < estOutSize) {
814814
cipher.save();
815815
}
816-
// create temporary output buffer if the estimated size is larger
817-
// than the user-provided buffer.
818-
internalOutput = new byte[estOutSize];
819-
offset = 0;
816+
if (outputCapacity < estOutSize || padding != null) {
817+
// create temporary output buffer if the estimated size is larger
818+
// than the user-provided buffer or a padding needs to be removed
819+
// before copying the unpadded result to the output buffer
820+
internalOutput = new byte[estOutSize];
821+
offset = 0;
822+
}
820823
}
821824

822825
byte[] outBuffer = (internalOutput != null) ? internalOutput : output;

0 commit comments

Comments
 (0)