Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 8337:50322d45a16b jdk7u76-b04
Merge
author | asaha |
---|---|
date | Mon, 13 Oct 2014 13:58:04 -0700 |
parents | e6805ad783c5 (current diff) 9451b685ed83 (diff) |
children | b306a3535fa5 |
files | .hgtags |
diffstat | 4 files changed, 24 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Fri Oct 10 08:31:55 2014 -0700 +++ b/.hgtags Mon Oct 13 13:58:04 2014 -0700 @@ -514,6 +514,7 @@ 0fefa48e670a31015be985ba74e35841d0cc66c1 jdk7u75-b01 e885a036cc5dc0f8fa07dc0a5f55647f819f3fc5 jdk7u75-b02 4b81833e1c004460c78208c2529775a05f3abf80 jdk7u75-b03 +1964c973dcc1ddb30115b7c7b6183548b3adcdf5 jdk7u75-b04 0666a58a7e584380c1b1dadb50ec67400110a9ab jdk7u76-b00 182b3e8a732d6b0d21bd7d602361e5276f14b886 jdk7u76-b01 3c743031578a431ccc1e27691b1958355d02caec jdk7u76-b02
--- a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java Fri Oct 10 08:31:55 2014 -0700 +++ b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java Mon Oct 13 13:58:04 2014 -0700 @@ -95,6 +95,9 @@ for( int i = 0; i < lengthbyte; i++) { retval = (retval << 8) + (buf[offset++] & 0xff); } + if (retval < 0) { + throw new DecodeException("Invalid length bytes"); + } return retval; } else { return lengthbyte;
--- a/src/share/classes/sun/security/util/DerIndefLenConverter.java Fri Oct 10 08:31:55 2014 -0700 +++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java Mon Oct 13 13:58:04 2014 -0700 @@ -156,12 +156,18 @@ } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - if (lenByte > 4) + if (lenByte > 4) { throw new IOException("Too much data"); - if ((dataSize - dataPos) < (lenByte + 1)) + } + if ((dataSize - dataPos) < (lenByte + 1)) { throw new IOException("Too little data"); - for (int i = 0; i < lenByte; i++) + } + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } } else { curLen = (lenByte & LEN_MASK); } @@ -188,10 +194,15 @@ } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - for (int i = 0; i < lenByte; i++) + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); - } else + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } + } else { curLen = (lenByte & LEN_MASK); + } writeLength(curLen); writeValue(curLen); }
--- a/src/share/classes/sun/security/util/DerInputStream.java Fri Oct 10 08:31:55 2014 -0700 +++ b/src/share/classes/sun/security/util/DerInputStream.java Mon Oct 13 13:58:04 2014 -0700 @@ -566,6 +566,10 @@ value <<= 8; value += 0x0ff & in.read(); } + if (value < 0) { + throw new IOException("DerInputStream.getLength(): " + + "Invalid length bytes"); + } } return value; }