Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9691:30a937b33d21
8208585: Make crypto code more robust
Reviewed-by: ascarpino, mschoene
author | coffeys |
---|---|
date | Mon, 27 Aug 2018 11:29:14 +0100 |
parents | 25c5bade0406 |
children | 38d6c467c411 |
files | src/share/classes/com/sun/crypto/provider/RSACipher.java src/share/classes/sun/security/pkcs11/P11Signature.java src/share/classes/sun/security/provider/DSA.java src/windows/classes/sun/security/mscapi/RSASignature.java |
diffstat | 4 files changed, 13 insertions(+), 9 deletions(-) [+] |
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java Thu Jul 26 04:36:08 2018 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java Mon Aug 27 11:29:14 2018 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -329,7 +329,7 @@
 if ((inLen == 0) || (in == null)) {
 return;
 }
- if (bufOfs + inLen > buffer.length) {
+ if (inLen > (buffer.length - bufOfs)) {
 bufOfs = buffer.length + 1;
 return;
 }
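Review bot: The rewritten bound `if (inLen > (buffer.length - bufOfs))` carries no comment saying why the subtraction form is required, so a later cleanup could restore `bufOfs + inLen`, which can wrap negative for a large `inLen` and slip past the length check. I would add above it `// compare by subtraction: bufOfs + inLen can overflow int and bypass the bound`. The same comment is missing on the two `digestBuffer.length - ofs` checks in DSA.java and the two `precomputedDigest.length - offset` checks in RSASignature.java. The enclosing method starts and ends outside the hunk.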
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java Thu Jul 26 04:36:08 2018 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11Signature.java Mon Aug 27 11:29:14 2018 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -440,6 +440,10 @@
 if (len == 0) {
 return;
 }
+ // check for overflow
+ if (len + bytesProcessed < 0) {
+ throw new ProviderException("Processed bytes limits exceeded.");
+ }
 switch (type) {
 case T_UPDATE:
 try {
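Review bot: The added guard `if (len + bytesProcessed < 0)` detects overflow by letting the sum wrap, which is the opposite of the subtraction style the other three files in this changeset move to. Assuming `bytesProcessed` is a non-negative int (its declaration is outside the hunk), `if (len > Integer.MAX_VALUE - bytesProcessed)` expresses the same limit without relying on wraparound, and it does not report a negative `len` as "limits exceeded". The throw sits before `switch (type)`, so it is worth confirming that the in-progress token operation is cancelled or reset when this ProviderException propagates; that handling is not visible here.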
--- a/src/share/classes/sun/security/provider/DSA.java Thu Jul 26 04:36:08 2018 -0700
+++ b/src/share/classes/sun/security/provider/DSA.java Mon Aug 27 11:29:14 2018 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -503,7 +503,7 @@
 }
 }
 protected void engineUpdate(byte[] input, int offset, int len) {
- if (ofs + len > digestBuffer.length) {
+ if (len > (digestBuffer.length - ofs)) {
 ofs = Integer.MAX_VALUE;
 } else {
 System.arraycopy(input, offset, digestBuffer, ofs, len);
@@ -512,7 +512,7 @@
 }
 protected final void engineUpdate(ByteBuffer input) {
 int inputLen = input.remaining();
- if (ofs + inputLen > digestBuffer.length) {
+ if (inputLen > (digestBuffer.length - ofs)) {
 ofs = Integer.MAX_VALUE;
 } else {
 input.get(digestBuffer, ofs, inputLen);
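Review bot: In `engineUpdate(ByteBuffer input)` the overflow branch only sets `ofs = Integer.MAX_VALUE` and leaves `input` unread, whereas the `else` branch drains it with `input.get(...)`. On oversized input the caller's buffer therefore keeps its old position, which differs from the normal path; adding `input.position(input.limit());` in the overflow branch would make both paths leave the buffer in the same state. The method continues past the end of the hunk, so this may already be handled after the if/else.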
--- a/src/windows/classes/sun/security/mscapi/RSASignature.java Thu Jul 26 04:36:08 2018 -0700 +++ b/src/windows/classes/sun/security/mscapi/RSASignature.java Mon Aug 27 11:29:14 2018 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -133,7 +133,7 @@ @Override protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { - if (offset + len > precomputedDigest.length) { + if (len > (precomputedDigest.length - offset)) { offset = RAW_RSA_MAX + 1; return; } @@ -148,7 +148,7 @@ if (len <= 0) { return; } - if (offset + len > precomputedDigest.length) { + if (len > (precomputedDigest.length - offset)) { offset = RAW_RSA_MAX + 1; return; }
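Review bot: The first `engineUpdate(byte[] b, int off, int len)` reaches the new check with no `len <= 0` guard, while the second hunk's method returns early on `if (len <= 0)`. Once `offset` holds the `RAW_RSA_MAX + 1` marker, a call with `len == 0` is not greater than the (then negative or small) difference and falls through to whatever copy follows with an out-of-range `offset`; that code is outside the hunk, so this is inferred. Adding `if (len <= 0) { return; }` at the top of the first method, matching the second, would close that path. Both method bodies continue beyond the visible lines.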