8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption

Scott Gibbons · RealCLanger · commit 9c35d599116e · 2023-02-24T22:15:39.000Z
Backport-of: 409382ba4b43bf48ed0086020dd20641effd35b6
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java b/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -813,10 +813,13 @@ int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output,
             if (outputCapacity < estOutSize) {
                 cipher.save();
             }
-            // create temporary output buffer if the estimated size is larger
-            // than the user-provided buffer.
-            internalOutput = new byte[estOutSize];
-            offset = 0;
+            if (outputCapacity < estOutSize || padding != null) {
+                // create temporary output buffer if the estimated size is larger
+                // than the user-provided buffer or a padding needs to be removed
+                // before copying the unpadded result to the output buffer
+                internalOutput = new byte[estOutSize];
+                offset = 0;
+            }
         }
 
         byte[] outBuffer = (internalOutput != null) ? internalOutput : output;
