PM12610: SUN SECURITY FIX 6898622

APAR status

• Closed as program error.

Error description

• Error Message: N/A
  .
  Stack Trace: N/A
  .
  N/A
  

Local fix

• N/A
  

Problem summary

• Abstract: ObjectIdentifer.equals is not capable of detecting
  incorrectly encoded CommonName OIDs
  This is a Sun security fix, but it has not been deemed serious
  enough to warrant publication of a Sun Alert. However, it should
  still be ported.
  The testcase for SSB 6898622 is shown below:
    import com.ibm.security.util.*;
  
     public class BerOid {
         public static void main(String<OSB><CSB> args) throws
  Exception {
             new DerValue(new byte<OSB><CSB> {6, 4, 85, 4,
  (byte)0x80, 3}).getOID();
  
         }
    }
  On running this with the latest Sun JDK (which includes the fix
  for this SSB) it throws the exception below:
  Exception in thread "main" java.io.IOException:
  ObjectIdentifier() -- sub component starts with 0x80
          at
  sun.security.util.ObjectIdentifier.getComponent(ObjectIdentifier
  .java:310)
          at
  sun.security.util.ObjectIdentifier.initFromEncoding(ObjectIdenti
  fier.java:212)
          at
  sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:
  174)
          at sun.security.util.DerValue.getOID(DerValue.java:431)
          at BerOid.main(BerOid.java:12)
  But when the same testcase is run with the IBM JDK it is not
  throwing this exception.
  

Problem conclusion

• This defect will be fixed in:
  1.4.2 SR13 FP5
  5.0.0 SR11 FP2
  6.0.0 SR8
  .
  The fix for the reported Sun Bug has been ported.
  .
  To obtain the fix:
  Install build 20100217 or later
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  IZ74740 IZ74778

Fix information

• Fixed component name

  JAVA(1.3/1.4 CO

• Fixed component ID

  5648C9800

Applicable component levels

• R42A PSN

     UP

• R42L PSN

     UP

• R42W PSN

     UP

• R420 PSN

     UP