Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
6ff7e27a
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
6ff7e27a
编写于
4月 10, 2020
作者:
X
xuelei
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8236191: Enhance OID processing
Reviewed-by: jnimeh, weijun, ahgross, rhalade
上级
30e1bbbd
变更
1
显示空白变更内容
内联
并排
Showing
1 changed file
with
54 addition
and
9 deletion
+54
-9
src/share/classes/sun/security/util/ObjectIdentifier.java
src/share/classes/sun/security/util/ObjectIdentifier.java
+54
-9
未找到文件。
src/share/classes/sun/security/util/ObjectIdentifier.java
浏览文件 @
6ff7e27a
...
@@ -53,6 +53,26 @@ import java.util.Arrays;
...
@@ -53,6 +53,26 @@ import java.util.Arrays;
final
public
final
public
class
ObjectIdentifier
implements
Serializable
class
ObjectIdentifier
implements
Serializable
{
{
/*
* The maximum encoded OID length, excluding the ASN.1 encoding tag and
* length.
*
* In theory, there is no maximum size for OIDs. However, there are some
* limitation in practice.
*
* RFC 5280 mandates support for OIDs that have arc elements with values
* that are less than 2^28 (that is, they MUST be between 0 and
* 268,435,455, inclusive), and implementations MUST be able to handle
* OIDs with up to 20 elements (inclusive). Per RFC 5280, an encoded
* OID should be less than 80 bytes for safe interoperability.
*
* This class could be used for protocols other than X.509 certificates.
* To be safe, a relatively large but still reasonable value is chosen
* as the restriction in JDK.
*/
private
static
final
int
MAXIMUM_OID_SIZE
=
4096
;
// 2^12
/**
/**
* We use the DER value (no tag, no length) as the internal format
* We use the DER value (no tag, no length) as the internal format
* @serial
* @serial
...
@@ -115,7 +135,13 @@ class ObjectIdentifier implements Serializable
...
@@ -115,7 +135,13 @@ class ObjectIdentifier implements Serializable
if
(
componentLen
>
comp
.
length
)
{
if
(
componentLen
>
comp
.
length
)
{
componentLen
=
comp
.
length
;
componentLen
=
comp
.
length
;
}
}
// Check the estimated size before it is too later.
checkOidSize
(
componentLen
);
init
(
comp
,
componentLen
);
init
(
comp
,
componentLen
);
}
else
{
checkOidSize
(
encoding
.
length
);
}
}
}
}
...
@@ -198,6 +224,8 @@ class ObjectIdentifier implements Serializable
...
@@ -198,6 +224,8 @@ class ObjectIdentifier implements Serializable
}
}
start
=
end
+
1
;
start
=
end
+
1
;
count
++;
count
++;
checkOidSize
(
pos
);
}
while
(
end
!=
-
1
);
}
while
(
end
!=
-
1
);
checkCount
(
count
);
checkCount
(
count
);
...
@@ -260,11 +288,13 @@ class ObjectIdentifier implements Serializable
...
@@ -260,11 +288,13 @@ class ObjectIdentifier implements Serializable
);
);
int
len
=
in
.
getDefiniteLength
();
int
len
=
in
.
getDefiniteLength
();
checkOidSize
(
len
);
if
(
len
>
in
.
available
())
{
if
(
len
>
in
.
available
())
{
throw
new
IOException
(
"ObjectIdentifier
() -- length exceeds
"
+
throw
new
IOException
(
"ObjectIdentifier
length exceeds
"
+
"data available. Length: "
+
len
+
", Available: "
+
"data available. Length: "
+
len
+
", Available: "
+
in
.
available
());
in
.
available
());
}
}
encoding
=
new
byte
[
len
];
encoding
=
new
byte
[
len
];
in
.
getBytes
(
encoding
);
in
.
getBytes
(
encoding
);
check
(
encoding
);
check
(
encoding
);
...
@@ -278,26 +308,32 @@ class ObjectIdentifier implements Serializable
...
@@ -278,26 +308,32 @@ class ObjectIdentifier implements Serializable
ObjectIdentifier
(
DerInputBuffer
buf
)
throws
IOException
ObjectIdentifier
(
DerInputBuffer
buf
)
throws
IOException
{
{
DerInputStream
in
=
new
DerInputStream
(
buf
);
DerInputStream
in
=
new
DerInputStream
(
buf
);
encoding
=
new
byte
[
in
.
available
()];
int
len
=
in
.
available
();
checkOidSize
(
len
);
encoding
=
new
byte
[
len
];
in
.
getBytes
(
encoding
);
in
.
getBytes
(
encoding
);
check
(
encoding
);
check
(
encoding
);
}
}
private
void
init
(
int
[]
components
,
int
length
)
{
private
void
init
(
int
[]
components
,
int
length
)
throws
IOException
{
int
pos
=
0
;
int
pos
=
0
;
byte
[]
tmp
=
new
byte
[
length
*
5
+
1
];
// +1 for empty input
byte
[]
tmp
=
new
byte
[
length
*
5
+
1
];
// +1 for empty input
if
(
components
[
1
]
<
Integer
.
MAX_VALUE
-
components
[
0
]
*
40
)
if
(
components
[
1
]
<
Integer
.
MAX_VALUE
-
components
[
0
]
*
40
)
{
pos
+=
pack7Oid
(
components
[
0
]
*
40
+
components
[
1
],
tmp
,
pos
);
pos
+=
pack7Oid
(
components
[
0
]
*
40
+
components
[
1
],
tmp
,
pos
);
else
{
}
else
{
BigInteger
big
=
BigInteger
.
valueOf
(
components
[
1
]);
BigInteger
big
=
BigInteger
.
valueOf
(
components
[
1
]);
big
=
big
.
add
(
BigInteger
.
valueOf
(
components
[
0
]
*
40
));
big
=
big
.
add
(
BigInteger
.
valueOf
(
components
[
0
]
*
40
));
pos
+=
pack7Oid
(
big
,
tmp
,
pos
);
pos
+=
pack7Oid
(
big
,
tmp
,
pos
);
}
}
for
(
int
i
=
2
;
i
<
length
;
i
++)
{
for
(
int
i
=
2
;
i
<
length
;
i
++)
{
pos
+=
pack7Oid
(
components
[
i
],
tmp
,
pos
);
pos
+=
pack7Oid
(
components
[
i
],
tmp
,
pos
);
checkOidSize
(
pos
);
}
}
encoding
=
new
byte
[
pos
];
encoding
=
new
byte
[
pos
];
System
.
arraycopy
(
tmp
,
0
,
encoding
,
0
,
pos
);
System
.
arraycopy
(
tmp
,
0
,
encoding
,
0
,
pos
);
}
}
...
@@ -669,4 +705,13 @@ class ObjectIdentifier implements Serializable
...
@@ -669,4 +705,13 @@ class ObjectIdentifier implements Serializable
"oid component #"
+
(
i
+
1
)
+
" must be non-negative "
);
"oid component #"
+
(
i
+
1
)
+
" must be non-negative "
);
}
}
}
}
private
static
void
checkOidSize
(
int
oidLength
)
throws
IOException
{
if
(
oidLength
>
MAXIMUM_OID_SIZE
)
{
throw
new
IOException
(
"ObjectIdentifier encoded length exceeds "
+
"the restriction in JDK (OId length(>=): "
+
oidLength
+
", Restriction: "
+
MAXIMUM_OID_SIZE
+
")"
);
}
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录