Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 3
Star 2
Fork 0
D
dragonwell8_jdk

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 b70e849d 编写于 作者: A andrew
浏览文件
操作

8028591: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() 

Reviewed-by: mbalao
上级 3c74f3cc
隐藏空白更改
内联 并排
Showing with 63 addition and 17 deletion
src/share/classes/sun/security/util/DerInputStream.java
浏览文件 @ b70e849d
......@@ -191,7 +191,7 @@ public class DerInputStream {
if (buffer.read() != DerValue.tag_Integer) {
throw new IOException("DER input, Integer tag error");
}
return buffer.getInteger(getLength(buffer));
return buffer.getInteger(getDefiniteLength(buffer));
}
/**
......@@ -203,7 +203,7 @@ public class DerInputStream {
if (buffer.read() != DerValue.tag_Integer) {
throw new IOException("DER input, Integer tag error");
}
return buffer.getBigInteger(getLength(buffer), false);
return buffer.getBigInteger(getDefiniteLength(buffer), false);
}
/**
......@@ -217,7 +217,7 @@ public class DerInputStream {
if (buffer.read() != DerValue.tag_Integer) {
throw new IOException("DER input, Integer tag error");
}
return buffer.getBigInteger(getLength(buffer), true);
return buffer.getBigInteger(getDefiniteLength(buffer), true);
}
/**
......@@ -229,7 +229,7 @@ public class DerInputStream {
if (buffer.read() != DerValue.tag_Enumerated) {
throw new IOException("DER input, Enumerated tag error");
}
return buffer.getInteger(getLength(buffer));
return buffer.getInteger(getDefiniteLength(buffer));
}
/**
......@@ -240,7 +240,7 @@ public class DerInputStream {
if (buffer.read() != DerValue.tag_BitString)
throw new IOException("DER input not an bit string");
return buffer.getBitString(getLength(buffer));
return buffer.getBitString(getDefiniteLength(buffer));
}
/**
......@@ -248,15 +248,21 @@ public class DerInputStream {
* not be byte-aligned.
*/
public BitArray getUnalignedBitString() throws IOException {
if (buffer.read() != DerValue.tag_BitString)
if (buffer.read() != DerValue.tag_BitString) {
throw new IOException("DER input not a bit string");
}
int length = getDefiniteLength(buffer);
int length = getLength(buffer) - 1;
if (length == 0) {
return new BitArray(0);
}
/*
* First byte = number of excess bits in the last octet of the
* representation.
*/
length--;
int excessBits = buffer.read();
if (excessBits < 0) {
throw new IOException("Unused bits of bit string invalid");
......@@ -282,7 +288,7 @@ public class DerInputStream {
if (buffer.read() != DerValue.tag_OctetString)
throw new IOException("DER input not an octet string");
int length = getLength(buffer);
int length = getDefiniteLength(buffer);
byte[] retval = new byte[length];
if ((length != 0) && (buffer.read(retval) != length))
throw new IOException("Short read of DER octet string");
......@@ -397,7 +403,7 @@ public class DerInputStream {
if (tag != buffer.read())
throw new IOException("Indefinite length encoding" +
" not supported");
len = DerInputStream.getLength(buffer);
len = DerInputStream.getDefiniteLength(buffer);
}
if (len == 0)
......@@ -514,7 +520,7 @@ public class DerInputStream {
throw new IOException("DER input not a " +
stringName + " string");
int length = getLength(buffer);
int length = getDefiniteLength(buffer);
byte[] retval = new byte[length];
if ((length != 0) && (buffer.read(retval) != length))
throw new IOException("Short read of DER " +
......@@ -529,7 +535,7 @@ public class DerInputStream {
public Date getUTCTime() throws IOException {
if (buffer.read() != DerValue.tag_UtcTime)
throw new IOException("DER input, UTCtime tag invalid ");
return buffer.getUTCTime(getLength(buffer));
return buffer.getUTCTime(getDefiniteLength(buffer));
}
/**
......@@ -538,7 +544,7 @@ public class DerInputStream {
public Date getGeneralizedTime() throws IOException {
if (buffer.read() != DerValue.tag_GeneralizedTime)
throw new IOException("DER input, GeneralizedTime tag invalid ");
return buffer.getGeneralizedTime(getLength(buffer));
return buffer.getGeneralizedTime(getDefiniteLength(buffer));
}
/*
......@@ -618,6 +624,24 @@ public class DerInputStream {
return value;
}
int getDefiniteLength() throws IOException {
return getDefiniteLength(buffer);
}
/*
* Get a length from the input stream.
*
* @return the length
* @exception IOException on parsing error or if indefinite length found.
*/
static int getDefiniteLength(InputStream in) throws IOException {
int len = getLength(in);
if (len < 0) {
throw new IOException("Indefinite length encoding not supported");
}
return len;
}
/**
* Mark the current position in the buffer, so that
* a later call to <code>reset</code> will return here.
......
src/share/classes/sun/security/util/DerValue.java
浏览文件 @ b70e849d
......@@ -271,7 +271,7 @@ public class DerValue {
if (tag != inbuf.read())
throw new IOException
("Indefinite length encoding not supported");
length = DerInputStream.getLength(inbuf);
length = DerInputStream.getDefiniteLength(inbuf);
buffer = inbuf.dup();
buffer.truncate(length);
data = new DerInputStream(buffer);
......@@ -403,7 +403,7 @@ public class DerValue {
if (tag != in.read())
throw new IOException
("Indefinite length encoding not supported");
length = DerInputStream.getLength(in);
length = DerInputStream.getDefiniteLength(in);
}
if (fullyBuffered && in.available() != length)
......
src/share/classes/sun/security/util/ObjectIdentifier.java
浏览文件 @ b70e849d
......@@ -259,7 +259,7 @@ class ObjectIdentifier implements Serializable
+ " (tag = " + type_id + ")"
);
int len = in.getLength();
int len = in.getDefiniteLength();
if (len > in.available()) {
throw new IOException("ObjectIdentifier() -- length exceeds" +
"data available. Length: " + len + ", Available: " +
......
test/java/security/cert/X509Certificate/X509BadCertificate.java
浏览文件 @ b70e849d
/*
* Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,7 +23,7 @@
/**
* @test
* @bug 8028431
* @bug 8028431 8028591
* @summary Make sure that proper CertificateException is thrown
* when loading bad x509 certificate
* @author Artem Smotrakov
......@@ -39,6 +39,7 @@ public class X509BadCertificate {
public static void main(String[] args) throws Exception {
test("bad-cert-1.pem");
test("bad-cert-2.pem");
}
/**
......
test/java/security/cert/X509Certificate/bad-cert-2.pem 0 → 100644
浏览文件 @ b70e849d
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIJAJYB3qu9C2kiMA0GCSqGSIb3DQEBBQUAMEoxDTALBgNV
BAMMBFRlc3QxDTALBgNVBAsMBEphdmExDzANBgNVBAoMBk9yYWNsZTEMMAoGA1UE
BwwDU1BCMQswCQYDVQQGEwJSVTAeFw0xMzEyMjMwNzA4MDhaFw0yMzEyMjEwNzA4
MDhaMEoxDTALBgNVBAMMBFRlc3QxDTALBgNVBAsMBEphdmExDzANBgNVBAoMBk9y
YWNsZTEMMAoGA1UEBwwDU1BCMQswCQYDVQQGEwJSVTCCASIwDQYJKoZIhvcNAQEB
BQADgGEPADCCAQoCggEBAOqiCN4gFxehl547Q7/VNGbGApr+wszLdanHPucAH6Wf
LtcRhKNUSqtBAQxEpFrTpMNEqm2GElAjiPa6m48qIjLVSvOb/9w3G/yXB8zyZbIm
/Nfp2sT4OEaa1JSEZSpolhS4FfqYzjGQp5cn4Xn4zKjDgiceHgfLls5x2dRydQZO
Yf91qSIioZxVHUtlo8yztkieiSaqPWt3nJ4PIwhFbsu1HVmWaYZD+nBYCKgVHqrS
cueO98Ca4Doz73O27X1dVbQBdLS0JI7qVAG8LD388iPL8qbsOkgWPzmEQ+kLRKO4
g7RpuwlXuwaMSh95NWaxlu4Ob6GRJQmpconYoe13+7ECAwEAAaNQME4wHQYDVR0O
BBYEFIG8TPobXcbNbDi+zKudd9whpxoNMB8GA1UdIwQYMBaAFIG8TPobXcbNbDi+
zKudd9whpxoNMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAynN+e7
h+ufT5SBKN/gBuJAnF1mKIPESiipuv5KoYUGZOY8ShgYLcwY+qnbuHYFUlvq6Zns
K4/e+x/16h32vD7dEPkNvukbvER4YJQQiN6osDfXpTPzixYftWdmtX0u8xQfwb/g
R8DS7bazz99jVXk+jTK4yWBY+gMwEat+LyNQ5cyq8Qhi1oBKUbGRbiOts19B97fn
Rv8TsyXN3INLGYhdVxZoD7E5tyG1ydSFmOMadulAC2epBXDHOXZnz2UWauJc0XW5
1L/YQVri47VkdHS3tisBzELEJdLmdMDb+5tAU+lItXmTXe2/PB53WIvsEIb4t+eQ
wY0hCj9lVJlajTQ=
-----END CERTIFICATE-----
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册