jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java
changeset 4190 227655c2ff8c
parent 3314 1e9d33caef08
child 4209 e2e5a973b879
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Tue Aug 18 16:53:23 2009 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Tue Aug 18 20:47:13 2009 -0700
@@ -230,6 +230,11 @@
                 new DerInputStream(derIn.getOctetString());
 
             DerValue[]  seqTmp = basicOCSPResponse.getSequence(2);
+
+            if (seqTmp.length < 3) {
+                throw new IOException("Unexpected BasicOCSPResponse value");
+            }
+
             DerValue responseData = seqTmp[0];
 
             // Need the DER encoded ResponseData to verify the signature later
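Review bot: The `IOException` thrown by the new `seqTmp.length < 3` guard does not say how many elements were found, which makes a truncated or malformed responder reply harder to triage from logs. Consider `throw new IOException("Unexpected BasicOCSPResponse value: expected at least 3 elements, found " + seqTmp.length);`. A one-line comment above the check would also explain the constant, e.g. `// tbsResponseData, signatureAlgorithm and signature are mandatory; certs is optional`. The enclosing method starts and ends outside this hunk.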
@@ -312,6 +317,9 @@
             // signatureAlgorithmId
             sigAlgId = AlgorithmId.parse(seqTmp[1]);
 
+            // check that the signature algorithm is not disabled.
+            AlgorithmChecker.check(sigAlgId);
+
             // signature
             byte[] signature = seqTmp[2].getBitString();
             X509CertImpl[] x509Certs = null;
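Review bot: The call `AlgorithmChecker.check(sigAlgId)` gives no indication at the call site of how a disabled algorithm is reported, and the comment above it does not say either. The structural check added earlier in this commit raises `IOException`, so a caller needs to know whether a policy rejection arrives as a different exception type to tell it apart from a malformed response. I would extend the comment to something like `// throws before any signature verification if the response's signature algorithm is disabled by policy`. The declaration of `check` is not on this page, so the exact exception type should be confirmed there.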
@@ -345,6 +353,9 @@
                 } else if (cert.getIssuerX500Principal().equals(
                     responderCert.getSubjectX500Principal())) {
 
+                    // check the certificate algorithm
+                    AlgorithmChecker.check(cert);
+
                     // Check for the OCSPSigning key purpose
                     List<String> keyPurposes = cert.getExtendedKeyUsage();
                     if (keyPurposes == null ||
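Review bot: `AlgorithmChecker.check(cert)` is added only in the `else if` branch where the embedded certificate's issuer matches `responderCert`. The earlier branch of this chain starts outside the hunk, so it is not visible whether a certificate accepted there gets an equivalent check. If that omission is deliberate (for example because that branch only accepts an already-trusted certificate), a short comment saying so would stop a later reader treating it as a gap. The comment `// check the certificate algorithm` could also name what is enforced, e.g. `// reject a delegated responder certificate that uses a disabled algorithm`.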