Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-7470

[Java Broker] Address javax.xml.bind.DatatypeConverter shortcomings

    XMLWordPrintableJSON

Details

    Description

      javax.xml.bind.DatatypeConverterImpl#parseBase64Binary has shortcomings that we should address. It does not (as the java docs suggest) throw IllegalArgumentException when the argument contains characters outside the valid base64 value space. Instead it will skip invalid characters in the (7-bit) ASCII range and throw a ArrayIndexOutOfBoundsException on non-ASCII characters.

      We should guard against these cases. Maybe by wrapping javax.xml.bind.DatatypeConverterImpl in our own class and doing input validation there.

      See also (https://bugs.openjdk.java.net/browse/JDK-8168456)

      Attachments

        Activity

          People

            kwall Keith Wall
            lorenz.quack Lorenz Quack
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: