Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 8352:7ca26abf06dd jdk7u76-b06
Merge
author | asaha |
---|---|
date | Mon, 27 Oct 2014 12:35:54 -0700 |
parents | 8b02d56a3fb0 (current diff) 7ddb189fa294 (diff) |
children | 49d547aebf1f |
files | .hgtags |
diffstat | 7 files changed, 79 insertions(+), 50 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Tue Oct 21 13:12:24 2014 -0700 +++ b/.hgtags Mon Oct 27 12:35:54 2014 -0700 @@ -517,6 +517,7 @@ 4b81833e1c004460c78208c2529775a05f3abf80 jdk7u75-b03 1964c973dcc1ddb30115b7c7b6183548b3adcdf5 jdk7u75-b04 ec3e1e179298a41bc6b77a170e2da66efb0bae3b jdk7u75-b05 +e9596c6470c944ff19c5198cfeb7fd979aad9120 jdk7u75-b06 0666a58a7e584380c1b1dadb50ec67400110a9ab jdk7u76-b00 182b3e8a732d6b0d21bd7d602361e5276f14b886 jdk7u76-b01 3c743031578a431ccc1e27691b1958355d02caec jdk7u76-b02
--- a/src/share/classes/sun/security/jgss/GSSHeader.java Tue Oct 21 13:12:24 2014 -0700 +++ b/src/share/classes/sun/security/jgss/GSSHeader.java Mon Oct 27 12:35:54 2014 -0700 @@ -270,6 +270,9 @@ value <<= 8; value += 0x0ff & in.read(); } + if (value < 0) { + throw new IOException("Invalid length bytes"); + } } return value; }
--- a/src/share/classes/sun/security/jgss/GSSNameImpl.java Tue Oct 21 13:12:24 2014 -0700 +++ b/src/share/classes/sun/security/jgss/GSSNameImpl.java Mon Oct 27 12:35:54 2014 -0700 @@ -257,6 +257,10 @@ ((0xFF & bytes[pos++]) << 16) | ((0xFF & bytes[pos++]) << 8) | (0xFF & bytes[pos++])); + if (mechPortionLen < 0 || pos > bytes.length - mechPortionLen) { + throw new GSSExceptionImpl(GSSException.BAD_NAME, + "Exported name mech name is corrupted!"); + } byte[] mechPortion = new byte[mechPortionLen]; System.arraycopy(bytes, pos, mechPortion, 0, mechPortionLen);
--- a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Tue Oct 21 13:12:24 2014 -0700 +++ b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Mon Oct 27 12:35:54 2014 -0700 @@ -233,6 +233,9 @@ ((0xFF & nameVal[pos++]) << 16) | ((0xFF & nameVal[pos++]) << 8) | (0xFF & nameVal[pos++])); + if (mechPortionLen < 0) { + throw new GSSException(GSSException.BAD_NAME); + } byte[] mechPortion = new byte[mechPortionLen]; System.arraycopy(nameVal, pos, mechPortion, 0, mechPortionLen); return mechPortion;
--- a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java Tue Oct 21 13:12:24 2014 -0700 +++ b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java Mon Oct 27 12:35:54 2014 -0700 @@ -123,7 +123,7 @@ } else { type = read(4); } - length = read(4); + length = readLength4(); String[] result = new String[length + 1]; /* * DCE includes the principal's realm in the count; the new format @@ -132,7 +132,7 @@ if (version == KRB5_FCC_FVNO_1) length--; for (int i = 0; i <= length; i++) { - namelength = read(4); + namelength = readLength4(); if (namelength > MAXNAMELENGTH) { throw new IOException("Invalid name length in principal name."); } @@ -182,7 +182,7 @@ keyType = read(2); if (version == KRB5_FCC_FVNO_3) read(2); /* keytype recorded twice in fvno 3 */ - keyLen = read(4); + keyLen = readLength4(); byte[] bytes = new byte[keyLen]; for (int i = 0; i < keyLen; i++) { bytes[i] = (byte)read(); @@ -208,12 +208,12 @@ HostAddress[] readAddr() throws IOException, KrbApErrException { int numAddrs, addrType, addrLength; - numAddrs = read(4); + numAddrs = readLength4(); if (numAddrs > 0) { HostAddress[] addrs = new HostAddress[numAddrs]; for (int i = 0; i < numAddrs; i++) { addrType = read(2); - addrLength = read(4); + addrLength = readLength4(); if (!(addrLength == 4 || addrLength == 16)) { if (DEBUG) { System.out.println("Incorrect address format."); @@ -232,13 +232,13 @@ AuthorizationDataEntry[] readAuth() throws IOException { int num, adtype, adlength; - num = read(4); + num = readLength4(); if (num > 0) { AuthorizationDataEntry[] auData = new AuthorizationDataEntry[num]; byte[] data = null; for (int i = 0; i < num; i++) { adtype = read(2); - adlength = read(4); + adlength = readLength4(); data = new byte[adlength]; for (int j = 0; j < adlength; j++) { data[j] = (byte)read(); @@ -252,7 +252,7 @@ byte[] readData() throws IOException { int length; - length = read(4); + length = readLength4(); if (length == 0) { return null; } else {
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Tue Oct 21 13:12:24 2014 -0700 +++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Mon Oct 27 12:35:54 2014 -0700 @@ -154,44 +154,44 @@ throws IOException, KrbException { primaryPrincipal = principal; primaryRealm = principal.getRealm(); - CCacheOutputStream cos = - new CCacheOutputStream(new FileOutputStream(name)); - version = KRB5_FCC_FVNO_3; - cos.writeHeader(primaryPrincipal, version); - cos.close(); + try (FileOutputStream fos = new FileOutputStream(name); + CCacheOutputStream cos = new CCacheOutputStream(fos)) { + version = KRB5_FCC_FVNO_3; + cos.writeHeader(primaryPrincipal, version); + } load(name); } synchronized void load(String name) throws IOException, KrbException { PrincipalName p; - CCacheInputStream cis = - new CCacheInputStream(new FileInputStream(name)); - version = cis.readVersion(); - if (version == KRB5_FCC_FVNO_4) { - tag = cis.readTag(); - } else { - tag = null; - if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) { - cis.setNativeByteOrder(); + try (FileInputStream fis = new FileInputStream(name); + CCacheInputStream cis = new CCacheInputStream(fis)) { + version = cis.readVersion(); + if (version == KRB5_FCC_FVNO_4) { + tag = cis.readTag(); + } else { + tag = null; + if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) { + cis.setNativeByteOrder(); + } + } + p = cis.readPrincipal(version); + + if (primaryPrincipal != null) { + if (!(primaryPrincipal.match(p))) { + throw new IOException("Primary principals don't match."); + } + } else + primaryPrincipal = p; + primaryRealm = primaryPrincipal.getRealm(); + credentialsList = new Vector<Credentials>(); + while (cis.available() > 0) { + Credentials cred = cis.readCred(version); + if (cred != null) { + credentialsList.addElement(cred); + } } } - p = cis.readPrincipal(version); - - if (primaryPrincipal != null) { - if (!(primaryPrincipal.match(p))) { - throw new IOException("Primary principals don't match."); - } - } else - primaryPrincipal = p; - primaryRealm = primaryPrincipal.getRealm(); - credentialsList = new Vector<Credentials> (); - while (cis.available() > 0) { - Credentials cred = cis.readCred(version); - if (cred != null) { - credentialsList.addElement(cred); - } - } - cis.close(); } @@ -250,16 +250,16 @@ * Saves the credentials cache file to the disk. */ public synchronized void save() throws IOException, Asn1Exception { - CCacheOutputStream cos - = new CCacheOutputStream(new FileOutputStream(cacheName)); - cos.writeHeader(primaryPrincipal, version); - Credentials[] tmp = null; - if ((tmp = getCredsList()) != null) { - for (int i = 0; i < tmp.length; i++) { - cos.addCreds(tmp[i]); + try (FileOutputStream fos = new FileOutputStream(cacheName); + CCacheOutputStream cos = new CCacheOutputStream(fos)) { + cos.writeHeader(primaryPrincipal, version); + Credentials[] tmp = null; + if ((tmp = getCredsList()) != null) { + for (int i = 0; i < tmp.length; i++) { + cos.addCreds(tmp[i]); + } } } - cos.close(); } boolean match(String[] s1, String[] s2) {
--- a/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java Tue Oct 21 13:12:24 2014 -0700 +++ b/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java Mon Oct 27 12:35:54 2014 -0700 @@ -56,15 +56,33 @@ public KrbDataInputStream(InputStream is){ super(is); } + + /** + * Reads a length value which is represented in 4 bytes from + * this input stream. The value must be positive. + * @return the length value represented by this byte array. + * @throws IOException if there are not enough bytes or it represents + * a negative value + */ + final public int readLength4() throws IOException { + int len = read(4); + if (len < 0) { + throw new IOException("Invalid encoding"); + } + return len; + } + /** * Reads up to the specific number of bytes from this input stream. * @param num the number of bytes to be read. * @return the int value of this byte array. - * @exception IOException. + * @throws IOException if there are not enough bytes */ - public int read(int num) throws IOException{ + public int read(int num) throws IOException { byte[] bytes = new byte[num]; - read(bytes, 0, num); + if (read(bytes, 0, num) != num) { + throw new IOException("Premature end of stream reached"); + } int result = 0; for (int i = 0; i < num; i++) { if (bigEndian) {