Skip to content

Improve buffer handling during error handling#1495

Merged
jasonkatonica merged 1 commit into
IBM:java25from
jasonkatonica:katonica/issue1345/fixvsprintf-java25
May 27, 2026
Merged

Improve buffer handling during error handling#1495
jasonkatonica merged 1 commit into
IBM:java25from
jasonkatonica:katonica/issue1345/fixvsprintf-java25

Conversation

@jasonkatonica
Copy link
Copy Markdown
Member

@jasonkatonica jasonkatonica commented May 26, 2026

  • Replace unsafe vsprintf() with safer vsnprintf() in Utils.c to prevent possible buffer overflows in gslogError(), gslogMessage(), and gslogMessagePrefix() functions
  • Fix incorrect variable references in RSA debug logging which prevents compiling debug code. This results in syntax errors:
    • Use ciphertextLen instead of plaintextLen in RSA.c
    • Use keyBytesNative instead of pBytes in RSAKey.c
  • Improve error handling in ockCheckStatus() by using ICC_ERR_error_string_n() with bounded fixed size buffer. Loop printing exception messages changed to print any error code not just the value 1.
  • Remove unused OpenSSLError() function from CCM.c

These changes enhance security by preventing the potential of a buffer overflow and fix debug logging to display correct variable values.

Fixes #1345

Back-ported from: #1484

Signed-off-by: Jason Katonica katonica@us.ibm.com

@jasonkatonica
Improve buffer handling during error handling
738cd4f 
- Replace unsafe vsprintf() with safer vsnprintf() in Utils.c to prevent
  possible buffer overflows in gslogError(), gslogMessage(), and
  gslogMessagePrefix() functions
- Fix incorrect variable references in RSA debug logging which prevents
  compiling debug code. This results in syntax errors:
  - Use ciphertextLen instead of plaintextLen in RSA.c
  - Use keyBytesNative instead of pBytes in RSAKey.c
- Improve error handling in ockCheckStatus() by using
  ICC_ERR_error_string_n() with bounded fixed size buffer. Loop printing
  exception messages changed to print any error code not just the
  value `1`.
- Remove unused OpenSSLError() function from CCM.c

These changes enhance security by preventing the potential of a buffer
overflow and fix debug logging to display correct variable values.

Fixes IBM#1345

Back-ported from: IBM#1484

Signed-off-by: Jason Katonica <katonica@us.ibm.com>
KostasTsiounis
KostasTsiounis approved these changes May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@KostasTsiounis KostasTsiounis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jasonkatonica jasonkatonica merged commit 6a1a127 into IBM:java25 May 27, 2026
3 checks passed
@jasonkatonica jasonkatonica deleted the katonica/issue1345/fixvsprintf-java25 branch May 27, 2026 17:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KostasTsiounis KostasTsiounis KostasTsiounis approved these changes

@johnpeck-us-ibm johnpeck-us-ibm johnpeck-us-ibm approved these changes

@taoliult taoliult Awaiting requested review from taoliult

@JinhangZhang JinhangZhang Awaiting requested review from JinhangZhang

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jasonkatonica @KostasTsiounis @johnpeck-us-ibm