changeset 9953:e1e2c267ee83

8234042: Better factory production of certificates
Reviewed-by: weijun, rhalade, mschoene
author mullan
date Fri, 17 Jan 2020 08:04:14 -0500
parents 9fbd9d903d2f
children 28ed736f2e85
files src/macosx/classes/apple/security/KeychainStore.java src/share/classes/sun/security/pkcs/ContentInfo.java src/share/classes/sun/security/pkcs/SignerInfo.java src/share/classes/sun/security/pkcs12/MacData.java src/share/classes/sun/security/pkcs12/PKCS12Attribute.java src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java src/share/classes/sun/security/provider/certpath/OCSPResponse.java
diffstat 7 files changed, 49 insertions(+), 10 deletions(-) [+]
--- a/src/macosx/classes/apple/security/KeychainStore.java	Tue Feb 11 16:28:38 2020 -0800
+++ b/src/macosx/classes/apple/security/KeychainStore.java	Fri Jan 17 08:04:14 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -203,6 +203,9 @@
 
             // Get the Algorithm ID next
             DerValue[] value = in.getSequence(2);
+            if (value.length < 1 || value.length > 2) {
+                throw new IOException("Invalid length for AlgorithmIdentifier");
+            }
             AlgorithmId algId = new AlgorithmId(value[0].getOID());
             String algName = algId.getName();
 
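Review bot: The new one-or-two bound on `value.length` has no comment explaining why two elements are accepted when only `value[0]` is read afterwards; a line such as `// AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }` above the check would make that explicit. The argument to `getSequence(2)` appears to be a size hint rather than a limit, which is why the explicit check is needed, and that is worth one more comment line. The identical check and message are added in PKCS12KeyStore.java (hunk at -378), so the same comment applies there. The enclosing method starts and ends outside this hunk.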
--- a/src/share/classes/sun/security/pkcs/ContentInfo.java	Tue Feb 11 16:28:38 2020 -0800
+++ b/src/share/classes/sun/security/pkcs/ContentInfo.java	Fri Jan 17 08:04:14 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -130,6 +130,9 @@
         DerValue[] contents;
 
         typeAndContent = derin.getSequence(2);
+        if (typeAndContent.length < 1 || typeAndContent.length > 2) {
+            throw new ParsingException("Invalid length for ContentInfo");
+        }
 
         // Parse the content type
         type = typeAndContent[0];
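Review bot: The check on `typeAndContent.length` accepts a one-element sequence, so any later read of `typeAndContent[1]` still needs its own length test. The rest of the method is outside this hunk, so I cannot confirm that every path has one; if any path indexes `[1]` unconditionally, a malformed input would surface as `ArrayIndexOutOfBoundsException` instead of `ParsingException`. On such a path, add `if (typeAndContent.length < 2) throw new ParsingException("ContentInfo content missing");` before the read.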
@@ -149,6 +152,9 @@
                 disTaggedContent
                     = new DerInputStream(taggedContent.toByteArray());
                 contents = disTaggedContent.getSet(1, true);
+                if (contents.length != 1) {
+                    throw new ParsingException("ContentInfo encoding error");
+                }
                 content = contents[0];
             }
         }
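Review bot: The message `"ContentInfo encoding error"` on the `contents.length != 1` check does not say which rule was violated, unlike the `"Invalid length for ..."` messages added elsewhere in this changeset. Something like `throw new ParsingException("Invalid length for ContentInfo content set");` would tell whoever reads the stack trace that the element count of the tagged set was at fault. The enclosing block begins outside the hunk.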
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java	Tue Feb 11 16:28:38 2020 -0800
+++ b/src/share/classes/sun/security/pkcs/SignerInfo.java	Fri Jan 17 08:04:14 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -151,6 +151,9 @@
 
         // issuerAndSerialNumber
         DerValue[] issuerAndSerialNumber = derin.getSequence(2);
+        if (issuerAndSerialNumber.length != 2) {
+            throw new ParsingException("Invalid length for IssuerAndSerialNumber");
+        }
         byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
         issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
                                                issuerBytes));
--- a/src/share/classes/sun/security/pkcs12/MacData.java	Tue Feb 11 16:28:38 2020 -0800
+++ b/src/share/classes/sun/security/pkcs12/MacData.java	Fri Jan 17 08:04:14 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,10 +59,16 @@
         throws IOException, ParsingException
     {
         DerValue[] macData = derin.getSequence(2);
+        if (macData.length < 2 || macData.length > 3) {
+            throw new ParsingException("Invalid length for MacData");
+        }
 
         // Parse the digest info
         DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
         DerValue[] digestInfo = digestIn.getSequence(2);
+        if (digestInfo.length != 2) {
+            throw new ParsingException("Invalid length for DigestInfo");
+        }
 
         // Parse the DigestAlgorithmIdentifier.
         AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
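Review bot: The two-or-three bound on `macData.length` is unexplained in the code; a comment such as `// MacData ::= SEQUENCE { mac DigestInfo, macSalt OCTET STRING, iterations INTEGER DEFAULT 1 }` above the check would show that the third element is the optional one. Likewise `// DigestInfo ::= SEQUENCE { digestAlgorithm, digest }` above the `digestInfo.length != 2` check. The constructor body continues past the end of this hunk, so how `macData[2]` is handled when absent is not visible here.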
--- a/src/share/classes/sun/security/pkcs12/PKCS12Attribute.java	Tue Feb 11 16:28:38 2020 -0800
+++ b/src/share/classes/sun/security/pkcs12/PKCS12Attribute.java	Fri Jan 17 08:04:14 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -250,6 +250,9 @@
     private void parse(byte[] encoded) throws IOException {
         DerInputStream attributeValue = new DerInputStream(encoded);
         DerValue[] attrSeq = attributeValue.getSequence(2);
+        if (attrSeq.length != 2) {
+            throw new IOException("Invalid length for PKCS12Attribute");
+        }
         ObjectIdentifier type = attrSeq[0].getOID();
         DerInputStream attrContent =
             new DerInputStream(attrSeq[1].toByteArray());
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue Feb 11 16:28:38 2020 -0800
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Fri Jan 17 08:04:14 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -378,6 +378,9 @@
             DerInputStream in = val.toDerInputStream();
             int i = in.getInteger();
             DerValue[] value = in.getSequence(2);
+            if (value.length < 1 || value.length > 2) {
+                throw new IOException("Invalid length for AlgorithmIdentifier");
+            }
             AlgorithmId algId = new AlgorithmId(value[0].getOID());
             String keyAlgo = algId.getName();
 
@@ -1915,11 +1918,17 @@
                 DerInputStream edi =
                                 safeContents.getContent().toDerInputStream();
                 int edVersion = edi.getInteger();
-                DerValue[] seq = edi.getSequence(2);
+                DerValue[] seq = edi.getSequence(3);
+                if (seq.length != 3) {
+                    // We require the encryptedContent field, even though
+                    // it is optional
+                    throw new IOException("Invalid length for EncryptedContentInfo");
+                }
                 ObjectIdentifier edContentType = seq[0].getOID();
                 eAlgId = seq[1].toByteArray();
                 if (!seq[2].isContextSpecific((byte)0)) {
-                   throw new IOException("encrypted content not present!");
+                    throw new IOException("unsupported encrypted content type "
+                                          + seq[2].tag);
                 }
                 byte newTag = DerValue.tag_OctetString;
                 if (seq[2].isConstructed())
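Review bot: `"Invalid length for EncryptedContentInfo"` is thrown for a structure that the comment just above describes as valid (encryptedContent is optional), so the message misreports the cause; `throw new IOException("EncryptedContentInfo without encryptedContent is not supported");` would match what the comment says. In the second new message, `seq[2].tag` looks like a `byte` (compare `byte newTag` just below), so string concatenation would print context-specific tags as negative decimals; `+ (seq[2].tag & 0xff)` or a hex format would be easier to read. The enclosing block starts and ends outside the hunk.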
@@ -2142,6 +2151,9 @@
             } else if (bagId.equals((Object)CertBag_OID)) {
                 DerInputStream cs = new DerInputStream(bagValue.toByteArray());
                 DerValue[] certValues = cs.getSequence(2);
+                if (certValues.length != 2) {
+                    throw new IOException("Invalid length for CertBag");
+                }
                 ObjectIdentifier certId = certValues[0].getOID();
                 if (!certValues[1].isContextSpecific((byte)0)) {
                     throw new IOException("unsupported PKCS12 cert value type "
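Review bot: The new rejection path for `certValues.length != 2` comes with no test, and neither do the matching checks on `secretValues` and `attrSeq` in the next two hunks; the file list of this changeset contains only sources under src/. A regression test that loads a PKCS12 store with a one-element CertBag and expects an `IOException` carrying `"Invalid length for CertBag"` would pin the behaviour, unless such tests are kept outside this repository. The enclosing `if`/`else if` chain begins and ends outside the hunk.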
@@ -2157,6 +2169,9 @@
             } else if (bagId.equals((Object)SecretBag_OID)) {
                 DerInputStream ss = new DerInputStream(bagValue.toByteArray());
                 DerValue[] secretValues = ss.getSequence(2);
+                if (secretValues.length != 2) {
+                    throw new IOException("Invalid length for SecretBag");
+                }
                 ObjectIdentifier secretId = secretValues[0].getOID();
                 if (!secretValues[1].isContextSpecific((byte)0)) {
                     throw new IOException(
@@ -2195,6 +2210,9 @@
                     byte[] encoded = attrSet[j].toByteArray();
                     DerInputStream as = new DerInputStream(encoded);
                     DerValue[] attrSeq = as.getSequence(2);
+                    if (attrSeq.length != 2) {
+                        throw new IOException("Invalid length for Attribute");
+                    }
                     ObjectIdentifier attrId = attrSeq[0].getOID();
                     DerInputStream vs =
                         new DerInputStream(attrSeq[1].toByteArray());
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Tue Feb 11 16:28:38 2020 -0800
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Fri Jan 17 08:04:14 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -261,7 +261,7 @@
         DerInputStream basicOCSPResponse =
             new DerInputStream(derIn.getOctetString());
 
-        DerValue[] seqTmp = basicOCSPResponse.getSequence(2);
+        DerValue[] seqTmp = basicOCSPResponse.getSequence(3);
         if (seqTmp.length < 3) {
             throw new IOException("Unexpected BasicOCSPResponse value");
         }
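Review bot: The length check `seqTmp.length < 3` still has no upper bound, while most of the other sequence checks added in this changeset bound both sides. BasicOCSPResponse has three required fields plus an optional certs field, so `if (seqTmp.length < 3 || seqTmp.length > 4) {` would reject trailing elements; whether the code below the hunk already tolerates or rejects extras is not visible here. The method continues outside the hunk.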