Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9953:e1e2c267ee83
8234042: Better factory production of certificates
Reviewed-by: weijun, rhalade, mschoene
author | mullan |
---|---|
date | Fri, 17 Jan 2020 08:04:14 -0500 |
parents | 9fbd9d903d2f |
children | 28ed736f2e85 |
files | src/macosx/classes/apple/security/KeychainStore.java src/share/classes/sun/security/pkcs/ContentInfo.java src/share/classes/sun/security/pkcs/SignerInfo.java src/share/classes/sun/security/pkcs12/MacData.java src/share/classes/sun/security/pkcs12/PKCS12Attribute.java src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java src/share/classes/sun/security/provider/certpath/OCSPResponse.java |
diffstat | 7 files changed, 49 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/macosx/classes/apple/security/KeychainStore.java Tue Feb 11 16:28:38 2020 -0800 +++ b/src/macosx/classes/apple/security/KeychainStore.java Fri Jan 17 08:04:14 2020 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -203,6 +203,9 @@ // Get the Algorithm ID next DerValue[] value = in.getSequence(2); + if (value.length < 1 || value.length > 2) { + throw new IOException("Invalid length for AlgorithmIdentifier"); + } AlgorithmId algId = new AlgorithmId(value[0].getOID()); String algName = algId.getName();
--- a/src/share/classes/sun/security/pkcs/ContentInfo.java Tue Feb 11 16:28:38 2020 -0800 +++ b/src/share/classes/sun/security/pkcs/ContentInfo.java Fri Jan 17 08:04:14 2020 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -130,6 +130,9 @@ DerValue[] contents; typeAndContent = derin.getSequence(2); + if (typeAndContent.length < 1 || typeAndContent.length > 2) { + throw new ParsingException("Invalid length for ContentInfo"); + } // Parse the content type type = typeAndContent[0]; @@ -149,6 +152,9 @@ disTaggedContent = new DerInputStream(taggedContent.toByteArray()); contents = disTaggedContent.getSet(1, true); + if (contents.length != 1) { + throw new ParsingException("ContentInfo encoding error"); + } content = contents[0]; } }
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java Tue Feb 11 16:28:38 2020 -0800 +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java Fri Jan 17 08:04:14 2020 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -151,6 +151,9 @@ // issuerAndSerialNumber DerValue[] issuerAndSerialNumber = derin.getSequence(2); + if (issuerAndSerialNumber.length != 2) { + throw new ParsingException("Invalid length for IssuerAndSerialNumber"); + } byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray(); issuerName = new X500Name(new DerValue(DerValue.tag_Sequence, issuerBytes));
--- a/src/share/classes/sun/security/pkcs12/MacData.java Tue Feb 11 16:28:38 2020 -0800 +++ b/src/share/classes/sun/security/pkcs12/MacData.java Fri Jan 17 08:04:14 2020 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,10 +59,16 @@ throws IOException, ParsingException { DerValue[] macData = derin.getSequence(2); + if (macData.length < 2 || macData.length > 3) { + throw new ParsingException("Invalid length for MacData"); + } // Parse the digest info DerInputStream digestIn = new DerInputStream(macData[0].toByteArray()); DerValue[] digestInfo = digestIn.getSequence(2); + if (digestInfo.length != 2) { + throw new ParsingException("Invalid length for DigestInfo"); + } // Parse the DigestAlgorithmIdentifier. AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
--- a/src/share/classes/sun/security/pkcs12/PKCS12Attribute.java Tue Feb 11 16:28:38 2020 -0800 +++ b/src/share/classes/sun/security/pkcs12/PKCS12Attribute.java Fri Jan 17 08:04:14 2020 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -250,6 +250,9 @@ private void parse(byte[] encoded) throws IOException { DerInputStream attributeValue = new DerInputStream(encoded); DerValue[] attrSeq = attributeValue.getSequence(2); + if (attrSeq.length != 2) { + throw new IOException("Invalid length for PKCS12Attribute"); + } ObjectIdentifier type = attrSeq[0].getOID(); DerInputStream attrContent = new DerInputStream(attrSeq[1].toByteArray());
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Tue Feb 11 16:28:38 2020 -0800 +++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Fri Jan 17 08:04:14 2020 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -378,6 +378,9 @@ DerInputStream in = val.toDerInputStream(); int i = in.getInteger(); DerValue[] value = in.getSequence(2); + if (value.length < 1 || value.length > 2) { + throw new IOException("Invalid length for AlgorithmIdentifier"); + } AlgorithmId algId = new AlgorithmId(value[0].getOID()); String keyAlgo = algId.getName(); @@ -1915,11 +1918,17 @@ DerInputStream edi = safeContents.getContent().toDerInputStream(); int edVersion = edi.getInteger(); - DerValue[] seq = edi.getSequence(2); + DerValue[] seq = edi.getSequence(3); + if (seq.length != 3) { + // We require the encryptedContent field, even though + // it is optional + throw new IOException("Invalid length for EncryptedContentInfo"); + } ObjectIdentifier edContentType = seq[0].getOID(); eAlgId = seq[1].toByteArray(); if (!seq[2].isContextSpecific((byte)0)) { - throw new IOException("encrypted content not present!"); + throw new IOException("unsupported encrypted content type " + + seq[2].tag); } byte newTag = DerValue.tag_OctetString; if (seq[2].isConstructed()) @@ -2142,6 +2151,9 @@ } else if (bagId.equals((Object)CertBag_OID)) { DerInputStream cs = new DerInputStream(bagValue.toByteArray()); DerValue[] certValues = cs.getSequence(2); + if (certValues.length != 2) { + throw new IOException("Invalid length for CertBag"); + } ObjectIdentifier certId = certValues[0].getOID(); if (!certValues[1].isContextSpecific((byte)0)) { throw new IOException("unsupported PKCS12 cert value type " @@ -2157,6 +2169,9 @@ } else if (bagId.equals((Object)SecretBag_OID)) { DerInputStream ss = new DerInputStream(bagValue.toByteArray()); DerValue[] secretValues = ss.getSequence(2); + if (secretValues.length != 2) { + throw new IOException("Invalid length for SecretBag"); + } ObjectIdentifier secretId = secretValues[0].getOID(); if (!secretValues[1].isContextSpecific((byte)0)) { throw new IOException( @@ -2195,6 +2210,9 @@ byte[] encoded = attrSet[j].toByteArray(); DerInputStream as = new DerInputStream(encoded); DerValue[] attrSeq = as.getSequence(2); + if (attrSeq.length != 2) { + throw new IOException("Invalid length for Attribute"); + } ObjectIdentifier attrId = attrSeq[0].getOID(); DerInputStream vs = new DerInputStream(attrSeq[1].toByteArray());
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Tue Feb 11 16:28:38 2020 -0800 +++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Fri Jan 17 08:04:14 2020 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -261,7 +261,7 @@ DerInputStream basicOCSPResponse = new DerInputStream(derIn.getOctetString()); - DerValue[] seqTmp = basicOCSPResponse.getSequence(2); + DerValue[] seqTmp = basicOCSPResponse.getSequence(3); if (seqTmp.length < 3) { throw new IOException("Unexpected BasicOCSPResponse value"); }