dghgit commented on issue #455:
URL: https://github.com/apache/mina-sshd/issues/455#issuecomment-1912009349
The following in BaseCipher:
```
public void update(byte[] input, int inputOffset, int inputLen) throws
Exception {
cipher.update(input, inputOffset, inputLen, input, inputOffset);
}
```
needs to be:
```
public int update(byte[] input, int inputOffset, int inputLen, int
outputOffset) throws Exception {
return cipher.update(input, inputOffset, inputLen, input,
outputOffset);
}
```
The problem is the calling class is assuming it knows how much output it's
getting back, something it cannot know unless it can see the return value from
cipher.update(). I'd be very suspicous of the second use of inputOffset as well
- while it's okay to process in place (so pass the variable input in twice,
inputOffset is unlikely to represent the correct offset that any output from
the cipher.update() will be written to, the output offset needs to be passed in
as well (after the call above, inputOffset can be safely incremented by
inputLen, outputOffset would be incremented by the return value from
BaseCipher.update()).
The same usage constraints are required for doFinal().
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
