提交 5cea3707 编写于 作者: W weijun

6880321: sun.security.provider.JavaKeyStore abuse of OOM Exception handling

Reviewed-by: xuelei
上级 2064bbe0
...@@ -29,9 +29,9 @@ import java.io.*; ...@@ -29,9 +29,9 @@ import java.io.*;
import java.security.*; import java.security.*;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.util.*; import java.util.*;
import sun.misc.IOUtils;
import sun.security.pkcs.EncryptedPrivateKeyInfo; import sun.security.pkcs.EncryptedPrivateKeyInfo;
...@@ -677,23 +677,14 @@ abstract class JavaKeyStore extends KeyStoreSpi { ...@@ -677,23 +677,14 @@ abstract class JavaKeyStore extends KeyStoreSpi {
entry.date = new Date(dis.readLong()); entry.date = new Date(dis.readLong());
// Read the private key // Read the private key
try { entry.protectedPrivKey =
entry.protectedPrivKey = new byte[dis.readInt()]; IOUtils.readFully(dis, dis.readInt(), true);
} catch (OutOfMemoryError e) {
throw new IOException("Keysize too big");
}
dis.readFully(entry.protectedPrivKey);
// Read the certificate chain // Read the certificate chain
int numOfCerts = dis.readInt(); int numOfCerts = dis.readInt();
try {
if (numOfCerts > 0) { if (numOfCerts > 0) {
entry.chain = new Certificate[numOfCerts]; List<Certificate> certs = new ArrayList<>(
} numOfCerts > 10 ? 10 : numOfCerts);
} catch (OutOfMemoryError e) {
throw new IOException
("Too many certificates in chain");
}
for (int j = 0; j < numOfCerts; j++) { for (int j = 0; j < numOfCerts; j++) {
if (xVersion == 2) { if (xVersion == 2) {
// read the certificate type, and instantiate a // read the certificate type, and instantiate a
...@@ -712,16 +703,14 @@ abstract class JavaKeyStore extends KeyStoreSpi { ...@@ -712,16 +703,14 @@ abstract class JavaKeyStore extends KeyStoreSpi {
} }
} }
// instantiate the certificate // instantiate the certificate
try { encoded = IOUtils.readFully(dis, dis.readInt(), true);
encoded = new byte[dis.readInt()];
} catch (OutOfMemoryError e) {
throw new IOException("Certificate too big");
}
dis.readFully(encoded);
bais = new ByteArrayInputStream(encoded); bais = new ByteArrayInputStream(encoded);
entry.chain[j] = cf.generateCertificate(bais); certs.add(cf.generateCertificate(bais));
bais.close(); bais.close();
} }
// We can be sure now that numOfCerts of certs are read
entry.chain = certs.toArray(new Certificate[numOfCerts]);
}
// Add the entry to the list // Add the entry to the list
entries.put(alias, entry); entries.put(alias, entry);
...@@ -753,12 +742,7 @@ abstract class JavaKeyStore extends KeyStoreSpi { ...@@ -753,12 +742,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
cfs.put(certType, cf); cfs.put(certType, cf);
} }
} }
try { encoded = IOUtils.readFully(dis, dis.readInt(), true);
encoded = new byte[dis.readInt()];
} catch (OutOfMemoryError e) {
throw new IOException("Certificate too big");
}
dis.readFully(encoded);
bais = new ByteArrayInputStream(encoded); bais = new ByteArrayInputStream(encoded);
entry.cert = cf.generateCertificate(bais); entry.cert = cf.generateCertificate(bais);
bais.close(); bais.close();
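Review bot: The three new `IOUtils.readFully(dis, dis.readInt(), true)` calls (private key, chain certificate, trusted certificate) pass a length taken straight from the keystore file without checking its sign. The removed `new byte[dis.readInt()]` failed with NegativeArraySizeException on a negative value, whereas the new behaviour depends on how IOUtils.readFully treats a negative or -1 length, which is not visible on this page; if it returns an empty or read-to-EOF buffer, a malformed keystore would be parsed further instead of being rejected at the length field. Reading the length first and rejecting it, e.g. `int len = dis.readInt(); if (len < 0) throw new IOException("Invalid keystore format");` followed by `IOUtils.readFully(dis, len, true)`, keeps the failure explicit at all three sites. The enclosing load method starts and ends outside these hunks.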
......