From cb05cf0ee4c19ddb2194b38becd99fdfd50749e0 Mon Sep 17 00:00:00 2001 From: weijun Date: Wed, 6 Aug 2008 08:11:49 +0800 Subject: [PATCH] 6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain Reviewed-by: mullan --- .../security/util/DerIndefLenConverter.java | 15 ++++++- .../security/util/DerValue/Indefinite.java | 44 +++++++++++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 test/sun/security/util/DerValue/Indefinite.java diff --git a/src/share/classes/sun/security/util/DerIndefLenConverter.java b/src/share/classes/sun/security/util/DerIndefLenConverter.java index 20a574545..c94f943b8 100644 --- a/src/share/classes/sun/security/util/DerIndefLenConverter.java +++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java @@ -1,5 +1,5 @@ /* - * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1998-2008 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,6 +50,7 @@ class DerIndefLenConverter { private byte[] data, newData; private int newDataPos, dataPos, dataSize, index; + private int unresolved = 0; private ArrayList ndefsList = new ArrayList(); @@ -113,6 +114,7 @@ class DerIndefLenConverter { numOfEncapsulatedLenBytes; byte[] sectionLenBytes = getLengthBytes(sectionLen); ndefsList.set(index, sectionLenBytes); + unresolved--; // Add the number of bytes required to represent this section // to the total number of length bytes, @@ -149,6 +151,7 @@ class DerIndefLenConverter { int lenByte = data[dataPos++] & 0xff; if (isIndefinite(lenByte)) { ndefsList.add(new Integer(dataPos)); + unresolved++; return curLen; } if (isLongForm(lenByte)) { @@ -308,15 +311,21 @@ class DerIndefLenConverter { dataPos=0; index=0; dataSize = data.length; int len=0; + int unused = 0; // parse and set up the vectors of all the indefinite-lengths while (dataPos < dataSize) { parseTag(); len = parseLength(); parseValue(len); + if (unresolved == 0) { + unused = dataSize - dataPos; + dataSize = dataPos; + break; + } } - newData = new byte[dataSize + numOfTotalLenBytes]; + newData = new byte[dataSize + numOfTotalLenBytes + unused]; dataPos=0; newDataPos=0; index=0; // write out the new byte array replacing all the indefinite-lengths @@ -325,6 +334,8 @@ class DerIndefLenConverter { writeTag(); writeLengthAndValue(); } + System.arraycopy(indefData, dataSize, + newData, dataSize + numOfTotalLenBytes, unused); return newData; } diff --git a/test/sun/security/util/DerValue/Indefinite.java b/test/sun/security/util/DerValue/Indefinite.java new file mode 100644 index 000000000..e6ba2f067 --- /dev/null +++ b/test/sun/security/util/DerValue/Indefinite.java @@ -0,0 +1,44 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6731685 + * @summary CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain + */ + +import java.io.*; +import sun.security.util.*; + +public class Indefinite { + + public static void main(String[] args) throws Exception { + byte[] input = { + // An OCTET-STRING in 2 parts + 4, (byte)0x80, 4, 2, 'a', 'b', 4, 2, 'c', 'd', 0, 0, + // Garbage follows, may be falsely recognized as EOC + 0, 0, 0, 0 + }; + new DerValue(new ByteArrayInputStream(input)); + } +} -- GitLab