--- a/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java Fri Jul 22 14:38:33 2016 +0200
+++ b/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java Fri Jul 22 16:05:23 2016 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package sun.security.ec;
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.math.BigInteger;
@@ -461,6 +462,11 @@
DerValue[] values = in.getSequence(2);
BigInteger r = values[0].getPositiveBigInteger();
BigInteger s = values[1].getPositiveBigInteger();
+
+ // Check for trailing signature data
+ if (in.available() != 0) {
+ throw new IOException("Incorrect signature length");
+ }
// trim leading zeroes
byte[] rBytes = trimZeroes(r.toByteArray());
byte[] sBytes = trimZeroes(s.toByteArray());
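Review bot: The added `in.available() != 0` check rejects bytes that follow the SEQUENCE, but nothing in this hunk checks how many elements the SEQUENCE itself contains. As far as I know the argument to `getSequence(2)` is only a sizing hint, so a signature with extra elements inside the SEQUENCE would still be accepted, and one with fewer than two would fail at `values[1]` with an index exception rather than the IOException thrown here. I would move the guard up to directly after `getSequence` and write it as `if (values.length != 2 || in.available() != 0) {`, so every non-canonical encoding is rejected the same way before r and s are read. The enclosing method starts and ends outside the hunk, so how the caller maps these exceptions is not visible here.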