Message-ID: <gh-pgjdbc-pgjdbc-3492-rc1928372613@github.com>
From: "Sasasu (@Sasasu)" <noreply+Sasasu@github.com>
To: "pgjdbc/pgjdbc" <noreply+pgjdbc-pgjdbc@github.com>
Date: Fri, 24 Jan 2025 09:16:06 +0000
Subject: Re: [pgjdbc/pgjdbc] PR #3492: fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection
In-Reply-To: <gh-pgjdbc-pgjdbc-3492-rc1926748272@github.com>
References: <gh-pgjdbc-pgjdbc-3492@github.com> <gh-pgjdbc-pgjdbc-3492-rc1926748272@github.com>
List-Id: <gh-pgjdbc-pgjdbc.github.com>
X-GitHub-Author-Login: Sasasu
X-GitHub-Comment-Id: 1928372613
X-GitHub-Comment-Type: review_comment
X-GitHub-Commit: b6281eaaf88f3471a04bec5339fe92847ccad28c
X-GitHub-Issue: 3492
X-GitHub-Path: pgjdbc/src/main/java/org/postgresql/gss/GSSOutputStream.java
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-Type: review_comment
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/pull/3492#discussion_r1928372613
Content-Type: text/plain; charset=utf-8

(on pgjdbc/src/main/java/org/postgresql/gss/GSSOutputStream.java)

`token.length` may comes from a bigger buffer, `gssContext.wrap` will encode `b[off: off + len]` and return `b` as `token`. if `b` is bigger than `len`, `writeWrapped()` will wirte an incorrect length.