Mercurial > hg > release > icedtea7-forest-2.6 > jdk

changeset 8337:50322d45a16b jdk7u76-b04

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge
author asaha
date Mon, 13 Oct 2014 13:58:04 -0700
parents e6805ad783c5 (current diff) 9451b685ed83 (diff)
children b306a3535fa5
files .hgtags
diffstat 4 files changed, 24 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Oct 10 08:31:55 2014 -0700
+++ b/.hgtags	Mon Oct 13 13:58:04 2014 -0700
@@ -514,6 +514,7 @@
 0fefa48e670a31015be985ba74e35841d0cc66c1 jdk7u75-b01
 e885a036cc5dc0f8fa07dc0a5f55647f819f3fc5 jdk7u75-b02
 4b81833e1c004460c78208c2529775a05f3abf80 jdk7u75-b03
+1964c973dcc1ddb30115b7c7b6183548b3adcdf5 jdk7u75-b04
 0666a58a7e584380c1b1dadb50ec67400110a9ab jdk7u76-b00
 182b3e8a732d6b0d21bd7d602361e5276f14b886 jdk7u76-b01
 3c743031578a431ccc1e27691b1958355d02caec jdk7u76-b02
--- a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java	Fri Oct 10 08:31:55 2014 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java	Mon Oct 13 13:58:04 2014 -0700
@@ -95,6 +95,9 @@
             for( int i = 0; i < lengthbyte; i++) {
                 retval = (retval << 8) + (buf[offset++] & 0xff);
             }
+            if (retval < 0) {
+                throw new DecodeException("Invalid length bytes");
+            }
             return retval;
         } else {
             return lengthbyte;
--- a/src/share/classes/sun/security/util/DerIndefLenConverter.java	Fri Oct 10 08:31:55 2014 -0700
+++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java	Mon Oct 13 13:58:04 2014 -0700
@@ -156,12 +156,18 @@
         }
         if (isLongForm(lenByte)) {
             lenByte &= LEN_MASK;
-            if (lenByte > 4)
+            if (lenByte > 4) {
                 throw new IOException("Too much data");
-            if ((dataSize - dataPos) < (lenByte + 1))
+            }
+            if ((dataSize - dataPos) < (lenByte + 1)) {
                 throw new IOException("Too little data");
-            for (int i = 0; i < lenByte; i++)
+            }
+            for (int i = 0; i < lenByte; i++) {
                 curLen = (curLen << 8) + (data[dataPos++] & 0xff);
+            }
+            if (curLen < 0) {
+                throw new IOException("Invalid length bytes");
+            }
         } else {
            curLen = (lenByte & LEN_MASK);
         }
@@ -188,10 +194,15 @@
         }
         if (isLongForm(lenByte)) {
             lenByte &= LEN_MASK;
-            for (int i = 0; i < lenByte; i++)
+            for (int i = 0; i < lenByte; i++) {
                 curLen = (curLen << 8) + (data[dataPos++] & 0xff);
-        } else
+            }
+            if (curLen < 0) {
+                throw new IOException("Invalid length bytes");
+            }
+        } else {
             curLen = (lenByte & LEN_MASK);
+        }
         writeLength(curLen);
         writeValue(curLen);
     }
--- a/src/share/classes/sun/security/util/DerInputStream.java	Fri Oct 10 08:31:55 2014 -0700
+++ b/src/share/classes/sun/security/util/DerInputStream.java	Mon Oct 13 13:58:04 2014 -0700
@@ -566,6 +566,10 @@
                 value <<= 8;
                 value += 0x0ff & in.read();
             }
+            if (value < 0) {
+                throw new IOException("DerInputStream.getLength(): "
+                        + "Invalid length bytes");
+            }
         }
         return value;
     }