Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
50874d19
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
50874d19
编写于
3月 15, 2017
作者:
I
igerasim
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8169392: Additional jar validation steps
Reviewed-by: mullan, herrick, ahgross
上级
655050a6
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
14 addition
and
7 deletion
+14
-7
src/share/classes/java/util/jar/JarVerifier.java
src/share/classes/java/util/jar/JarVerifier.java
+7
-5
src/share/classes/sun/security/util/ManifestEntryVerifier.java
...hare/classes/sun/security/util/ManifestEntryVerifier.java
+7
-2
未找到文件。
src/share/classes/java/util/jar/JarVerifier.java
浏览文件 @
50874d19
/*
* Copyright (c) 1997, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -180,10 +180,12 @@ class JarVerifier {
// only set the jev object for entries that have a signature
// (either verified or not)
if
(
sigFileSigners
.
get
(
name
)
!=
null
||
verifiedSigners
.
get
(
name
)
!=
null
)
{
mev
.
setEntry
(
name
,
je
);
return
;
if
(!
name
.
equals
(
JarFile
.
MANIFEST_NAME
))
{
if
(
sigFileSigners
.
get
(
name
)
!=
null
||
verifiedSigners
.
get
(
name
)
!=
null
)
{
mev
.
setEntry
(
name
,
je
);
return
;
}
}
// don't compute the digest for this entry
...
...
src/share/classes/sun/security/util/ManifestEntryVerifier.java
浏览文件 @
50874d19
/*
* Copyright (c) 1997, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -107,6 +107,8 @@ public class ManifestEntryVerifier {
/* get the headers from the manifest for this entry */
/* if there aren't any, we can't verify any digests for this entry */
skip
=
false
;
Attributes
attr
=
man
.
getAttributes
(
name
);
if
(
attr
==
null
)
{
// ugh. we should be able to remove this at some point.
...
...
@@ -141,7 +143,6 @@ public class ManifestEntryVerifier {
}
if
(
digest
!=
null
)
{
skip
=
false
;
digest
.
reset
();
digests
.
add
(
digest
);
manifestHashes
.
add
(
...
...
@@ -197,6 +198,10 @@ public class ManifestEntryVerifier {
return
null
;
}
if
(
digests
.
isEmpty
())
{
throw
new
SecurityException
(
"digest missing for "
+
name
);
}
if
(
signers
!=
null
)
return
signers
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录