Mercurial > hg > icedtea7-forest > jdk

changeset 9103:12ae26801105

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8168705: Better ObjectIdentifier validation Reviewed-by: ascarpino
author robm
date Fri, 18 Nov 2016 14:52:52 +0000
parents 664e02d0d756
children 264d3a1dbc6a
files src/share/classes/sun/security/util/ObjectIdentifier.java
diffstat 1 files changed, 7 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/util/ObjectIdentifier.java	Tue Oct 25 11:52:39 2016 -0700
+++ b/src/share/classes/sun/security/util/ObjectIdentifier.java	Fri Nov 18 14:52:52 2016 +0000
@@ -255,7 +255,13 @@
                 + " (tag = " +  type_id + ")"
                 );
 
-        encoding = new byte[in.getLength()];
+        int len = in.getLength();
+        if (len > in.available()) {
+            throw new IOException("ObjectIdentifier() -- length exceeds" +
+                    "data available.  Length: " + len + ", Available: " +
+                    in.available());
+        }
+        encoding = new byte[len];
         in.getBytes(encoding);
         check(encoding);
     }