changeset 9214:acd986bf1ba5
8169392: Additional jar validation steps
Reviewed-by: mullan, herrick, ahgross
author | igerasim |
---|---|
date | Thu, 13 Jul 2017 22:44:24 +0100 |
parents | d76d9a9720ef |
children | b37777c2c9c5 |
files | src/share/classes/java/util/jar/JarVerifier.java src/share/classes/sun/security/util/ManifestEntryVerifier.java |
diffstat | 2 files changed, 14 insertions(+), 7 deletions(-) [+] |
--- a/src/share/classes/java/util/jar/JarVerifier.java Fri Mar 17 16:41:06 2017 -0700
+++ b/src/share/classes/java/util/jar/JarVerifier.java Thu Jul 13 22:44:24 2017 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -180,10 +180,12 @@
 // only set the jev object for entries that have a signature
 // (either verified or not)
- if (sigFileSigners.get(name) != null ||
- verifiedSigners.get(name) != null) {
- mev.setEntry(name, je);
- return;
+ if (!name.equals(JarFile.MANIFEST_NAME)) {
+ if (sigFileSigners.get(name) != null ||
+ verifiedSigners.get(name) != null) {
+ mev.setEntry(name, je);
+ return;
+ }
 }
 // don't compute the digest for this entry
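Review bot: In the `@@ -180` hunk of JarVerifier.java the new guard uses `name.equals(JarFile.MANIFEST_NAME)`, which is case-sensitive. If META-INF entry names are matched case-insensitively elsewhere in this class (not visible in the hunk), a manifest name in different case would not be recognised by this guard. Consider `if (!name.equalsIgnoreCase(JarFile.MANIFEST_NAME)) {`, or a comment stating that `name` is already normalised at this point. The comment above the block still describes only the signer lookup, so it should also say why the manifest is excluded, e.g. `// never treat the manifest itself as a signed entry, even if it appears in the signer maps`. The enclosing method starts and ends outside the hunk.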
--- a/src/share/classes/sun/security/util/ManifestEntryVerifier.java Fri Mar 17 16:41:06 2017 -0700 +++ b/src/share/classes/sun/security/util/ManifestEntryVerifier.java Thu Jul 13 22:44:24 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -109,6 +109,8 @@ /* get the headers from the manifest for this entry */ /* if there aren't any, we can't verify any digests for this entry */ + skip = false; + Attributes attr = man.getAttributes(name); if (attr == null) { // ugh. we should be able to remove this at some point. @@ -143,7 +145,6 @@ } if (digest != null) { - skip = false; digest.reset(); digests.add(digest); manifestHashes.add( @@ -199,6 +200,10 @@ return null; } + if (digests.isEmpty()) { + throw new SecurityException("digest missing for " + name); + } + if (signers != null) return signers;
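Review bot: In the `@@ -109` hunk of ManifestEntryVerifier.java the relocated `skip = false;` sits directly under the comment `if there aren't any, we can't verify any digests for this entry`, which now reads as if such entries were still skipped. Together with the `digests.isEmpty()` check added in the `@@ -199` hunk, an entry that gets past this line without a usable digest appears to end in a `SecurityException` rather than being skipped. A why-comment on the assignment would make that intent explicit, e.g. `// from here on the entry must verify; a missing digest is rejected later, not skipped`. The method starts and ends outside the hunk, so the early returns that follow are only partly visible.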
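Review bot: The `SecurityException("digest missing for " + name)` added in the `@@ -199` hunk is also reached when the manifest section does list digests but none yielded a usable `MessageDigest`, because the `@@ -143` hunk shows `digests.add(digest)` only under `if (digest != null)`. Failing closed is the right outcome, but the message then points an operator at the wrong cause (presumably an unavailable algorithm rather than an absent attribute). A comment such as `// also covers digests present in the manifest but not usable here` above the check would document this. The diffstat lists only the two source files, so a regression test for the empty-digest path would need to come separately. The enclosing method continues outside the hunk.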