--- a/src/java.base/share/classes/java/security/CodeSource.java Wed Jul 05 17:27:46 2017 +0100
+++ b/src/java.base/share/classes/java/security/CodeSource.java Thu Jul 06 09:20:21 2017 +0800
@@ -35,6 +35,7 @@
import java.io.IOException;
import java.security.cert.*;
import sun.net.util.URLUtil;
+import sun.security.util.IOUtils;
/**
*
@@ -571,6 +572,8 @@
// could all be present in the stream at the same time
cfs = new Hashtable<>(3);
certList = new ArrayList<>(size > 20 ? 20 : size);
+ } else if (size < 0) {
+ throw new IOException("size cannot be negative");
}
for (int i = 0; i < size; i++) {
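Review bot: The new `else if (size < 0)` branch throws a message that names neither the field nor the offending value, which makes a malformed or hostile serialized stream harder to diagnose from logs. Judging by `certList = new ArrayList<>(size > 20 ? 20 : size)`, the value looks like the certificate count, so something like `throw new IOException("certificate count cannot be negative: " + size);` would be clearer. A short comment above the check, e.g. `// size is read from the serialized stream and is not trusted`, would record why the branch exists. The enclosing method starts and ends outside the hunk, so where `size` is read is inferred rather than visible.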
@@ -592,13 +595,7 @@
cfs.put(certType, cf);
}
// parse the certificate
- byte[] encoded = null;
- try {
- encoded = new byte[ois.readInt()];
- } catch (OutOfMemoryError oome) {
- throw new IOException("Certificate too big");
- }
- ois.readFully(encoded);
+ byte[] encoded = IOUtils.readNBytes(ois, ois.readInt());
ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
try {
certList.add(cf.generateCertificate(bais));
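Review bot: The length in `IOUtils.readNBytes(ois, ois.readInt())` comes straight from the stream, and rejecting a negative or implausibly large value now rests entirely on a helper whose body is not part of this diff. The removed code converted `OutOfMemoryError` into an `IOException`; if the helper can still exhaust memory when a stream really does supply a very large certificate, that now reaches the caller as an `Error`. It is worth confirming that the helper reads in bounded chunks and throws `IOException` for a negative length. A comment on the new line would record the intent, e.g. `// length is untrusted; readNBytes must not pre-allocate from it`. The enclosing loop body continues outside the hunk.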