VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ36442

⇱ IJ36442: IBMJCEPLUS THROWS A PROVIDEREXCEPTION INSTEAD OF AN ARRAYINDEXOUTOFBOUNDSEXCEPTION.

IJ36442: IBMJCEPLUS THROWS A PROVIDEREXCEPTION INSTEAD OF AN ARRAYINDEXOUTOFBOUNDSEXCEPTION.

APAR status

  • Closed as program error.

Error description

  • Error Message: When negative offsets are specified during a
Message Digest update operation, IBMJCEPlus provider throws a
ProviderException instead of the expected
ArrayIndexOutOfBoundsException.
.
Stack Trace: Exception in thread "main"
java.security.ProviderException: Failure in engineUpdate
 at
com.ibm.crypto.plus.provider.IBMJCEPlus.a(IBMJCEPlus.java:185)
 at
com.ibm.crypto.plus.provider.s.engineUpdate(s.java:28)
 at
java.security.MessageDigest$Delegate.engineUpdate(MessageDigest.
java:608)
 at
java.security.MessageDigest.update(MessageDigest.java:336)
.
N/A

Local fix



Problem summary


    

  • IBMJCEPlus throws a ProviderException instead of an
ArrayIndexOutOfBoundsException when negative offsets are
specified during a Message Digest update operation.



Problem conclusion


    

  • The JVM has been updated to throw the expected
ArrayIndexOutOfBoundsException when negative offsets are
specified during a Message Digest update operation.
The associated Hursley RTC Problem Report is: 146325
The associated Austin Git issue is: 397 (IBMJCEPlus)
The fix was delivered for Java 8.0 SR7FP5
The files affected:
ibmjceplus.jar (Build-Date: 20211201)
.
This APAR will be fixed in the following Java Releases:
 8 SR7 FP5 (8.0.7.5)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IJ36442
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-12-07
    • 

  • Closed date
    2022-01-20
    • 

  • Last modified date
    2022-01-20
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 21 January 2022