On Fri, 12 Jan 2024 11:54:06 GMT, Alan Bateman <al...@openjdk.org> wrote:

> I think this one will require digging into whether the no-arg read is used in 
> the authentication or not. It might not be, in which case it's not testable 
> with something that emulates LDAPv3. However if it is used then we should 
> have fuzzing or other tests to exercise it. I'm not saying it should be part 
> of this PR but finding a 15+ year issue in authentication code is concerning 
> so will need follow-up.

AFAICT the no-arg read() method is never called by the JNDI/LDAP stack. This
explains why it never made any test fail.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17365#issuecomment-1889065309
