Mercurial > hg > openjdk > jdk9 > jdk
changeset 17262:8f495dec1ba6
8169392: Additional jar validation steps
Reviewed-by: mullan, herrick, ahgross
author | weijun |
---|---|
date | Fri, 03 Feb 2017 10:32:58 +0800 |
parents | 6ec8211b3adc |
children | 6c01ea8d6930 |
files | src/java.base/share/classes/java/util/jar/JarVerifier.java src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java |
diffstat | 2 files changed, 14 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/java.base/share/classes/java/util/jar/JarVerifier.java Wed Dec 21 10:15:49 2016 -0500 +++ b/src/java.base/share/classes/java/util/jar/JarVerifier.java Fri Feb 03 10:32:58 2017 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -180,10 +180,12 @@ // only set the jev object for entries that have a signature // (either verified or not) - if (sigFileSigners.get(name) != null || - verifiedSigners.get(name) != null) { - mev.setEntry(name, je); - return; + if (!name.equals(JarFile.MANIFEST_NAME)) { + if (sigFileSigners.get(name) != null || + verifiedSigners.get(name) != null) { + mev.setEntry(name, je); + return; + } } // don't compute the digest for this entry
--- a/src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java Wed Dec 21 10:15:49 2016 -0500 +++ b/src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java Fri Feb 03 10:32:58 2017 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -107,6 +107,8 @@ /* get the headers from the manifest for this entry */ /* if there aren't any, we can't verify any digests for this entry */ + skip = false; + Attributes attr = man.getAttributes(name); if (attr == null) { // ugh. we should be able to remove this at some point. @@ -141,7 +143,6 @@ } if (digest != null) { - skip = false; digest.reset(); digests.add(digest); manifestHashes.add( @@ -197,6 +198,10 @@ return null; } + if (digests.isEmpty()) { + throw new SecurityException("digest missing for " + name); + } + if (signers != null) return signers;