On Fri, 12 Jan 2024 11:43:23 GMT, Aleksey Shipilev <sh...@openjdk.org> wrote:

> No need, that one is an easy target for static analyzers. This bug was found 
> by one :)

I think this one will require digging into whether the no-arg read is used in 
the authentication or not. It might not be, in which case it's not testable 
with something that emulates LDAPv3. However, if it is used then we should have 
fuzzing or other tests to exercise it. I'm not saying it should be part of this 
PR but finding a 15+ year issue in authentication code is concerning so will 
need follow-up.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17365#issuecomment-1888973627
