changeset 9103:12ae26801105
8168705: Better ObjectIdentifier validation
Reviewed-by: ascarpino
author | robm |
---|---|
date | Fri, 18 Nov 2016 14:52:52 +0000 |
parents | 664e02d0d756 |
children | 264d3a1dbc6a |
files | src/share/classes/sun/security/util/ObjectIdentifier.java |
diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) [+] |
--- a/src/share/classes/sun/security/util/ObjectIdentifier.java Tue Oct 25 11:52:39 2016 -0700
+++ b/src/share/classes/sun/security/util/ObjectIdentifier.java Fri Nov 18 14:52:52 2016 +0000
@@ -255,7 +255,13 @@
 + " (tag = " + type_id + ")"
 );
- encoding = new byte[in.getLength()];
+ int len = in.getLength();
+ if (len > in.available()) {
+ throw new IOException("ObjectIdentifier() -- length exceeds" +
+ "data available. Length: " + len + ", Available: " +
+ in.available());
+ }
+ encoding = new byte[len];
 in.getBytes(encoding);
 check(encoding);
 }
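Review bot: The new guard on `len` only rejects lengths greater than `in.available()`, so a negative length would still reach `new byte[len]` and fail with a NegativeArraySizeException rather than the IOException that callers parsing untrusted DER are written to handle. Whether `in.getLength()` can return a negative value (for instance for an indefinite-length or oversized length field) is not visible in this hunk and should be confirmed; if it can, `if (len < 0 || len > in.available()) {` closes the gap. Separately, the two string literals `"ObjectIdentifier() -- length exceeds"` and `"data available. ..."` are joined without a space, so the message reads "exceedsdata"; a trailing space on the first literal fixes it. The enclosing constructor begins above the hunk, so any earlier validation of the stream is not shown here.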