Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 8335:1964c973dcc1 jdk7u75-b04
8059485: Resolve parsing ambiguity
Reviewed-by: mullan, vinnie
author | igerasim |
---|---|
date | Mon, 13 Oct 2014 10:19:35 +0400 |
parents | 7c18e8582dec |
children | 9451b685ed83 |
files | src/share/classes/com/sun/jndi/ldap/BerDecoder.java src/share/classes/sun/security/util/DerIndefLenConverter.java src/share/classes/sun/security/util/DerInputStream.java |
diffstat | 3 files changed, 23 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java Wed Oct 08 11:05:31 2014 +0400 +++ b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java Mon Oct 13 10:19:35 2014 +0400 @@ -95,6 +95,9 @@ for( int i = 0; i < lengthbyte; i++) { retval = (retval << 8) + (buf[offset++] & 0xff); } + if (retval < 0) { + throw new DecodeException("Invalid length bytes"); + } return retval; } else { return lengthbyte;
--- a/src/share/classes/sun/security/util/DerIndefLenConverter.java Wed Oct 08 11:05:31 2014 +0400 +++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java Mon Oct 13 10:19:35 2014 +0400 @@ -156,12 +156,18 @@ } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - if (lenByte > 4) + if (lenByte > 4) { throw new IOException("Too much data"); - if ((dataSize - dataPos) < (lenByte + 1)) + } + if ((dataSize - dataPos) < (lenByte + 1)) { throw new IOException("Too little data"); - for (int i = 0; i < lenByte; i++) + } + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } } else { curLen = (lenByte & LEN_MASK); } @@ -188,10 +194,15 @@ } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - for (int i = 0; i < lenByte; i++) + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); - } else + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } + } else { curLen = (lenByte & LEN_MASK); + } writeLength(curLen); writeValue(curLen); }
--- a/src/share/classes/sun/security/util/DerInputStream.java Wed Oct 08 11:05:31 2014 +0400 +++ b/src/share/classes/sun/security/util/DerInputStream.java Mon Oct 13 10:19:35 2014 +0400 @@ -566,6 +566,10 @@ value <<= 8; value += 0x0ff & in.read(); } + if (value < 0) { + throw new IOException("DerInputStream.getLength(): " + + "Invalid length bytes"); + } } return value; }