Somebody was forgetting to close the stream and the resulting signature was...

Somebody was forgetting to close the stream and the resulting signature was therefore at the mercy of the buffer's flush in order to determine whether the signature was correct or not.

Somebody was forgetting to close the stream and the resulting signature was...
Somebody was forgetting to close the stream and the resulting signature was therefore at the mercy of the buffer's flush in order to determine whether the signature was correct or not.
1eb0c64a · Stephen Connolly · 7f62a91a · 1eb0c64a
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

core/src/main/java/hudson/model/UpdateSite.java core/src/main/java/hudson/model/UpdateSite.java +1 -1

未找到文件。
--- a/core/src/main/java/hudson/model/UpdateSite.java
+++ b/core/src/main/java/hudson/model/UpdateSite.java
@@ -212,7 +212,7 @@ public class UpdateSite {
            sig.initVerify(certs.get(0));
            SignatureOutputStream sos = new SignatureOutputStream(sig);

-            o.writeCanonical(new OutputStreamWriter(new TeeOutputStream(dos,sos),"UTF-8"));
+            o.writeCanonical(new OutputStreamWriter(new TeeOutputStream(dos,sos),"UTF-8")).close();

            // did the digest match? this is not a part of the signature validation, but if we have a bug in the c14n
            // (which is more likely than someone tampering with update center), we can tell