# HG changeset patch # User weijun # Date 1267670292 -28800 # Node ID 1abad76dc48178e53136b1a04cc1b5a8975d1917 # Parent 1268f09a31e361700e38c9fdd59cd8bdeb106f52 6880321: sun.security.provider.JavaKeyStore abuse of OOM Exception handling Reviewed-by: xuelei diff -r 1268f09a31e3 -r 1abad76dc481 jdk/src/share/classes/sun/security/provider/JavaKeyStore.java --- a/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java Thu Mar 04 10:38:00 2010 +0800 +++ b/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java Thu Mar 04 10:38:12 2010 +0800 @@ -29,9 +29,9 @@ import java.security.*; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import java.util.*; +import sun.misc.IOUtils; import sun.security.pkcs.EncryptedPrivateKeyInfo; @@ -677,50 +677,39 @@ entry.date = new Date(dis.readLong()); // Read the private key - try { - entry.protectedPrivKey = new byte[dis.readInt()]; - } catch (OutOfMemoryError e) { - throw new IOException("Keysize too big"); - } - dis.readFully(entry.protectedPrivKey); + entry.protectedPrivKey = + IOUtils.readFully(dis, dis.readInt(), true); // Read the certificate chain int numOfCerts = dis.readInt(); - try { - if (numOfCerts > 0) { - entry.chain = new Certificate[numOfCerts]; + if (numOfCerts > 0) { + List certs = new ArrayList<>( + numOfCerts > 10 ? 10 : numOfCerts); + for (int j = 0; j < numOfCerts; j++) { + if (xVersion == 2) { + // read the certificate type, and instantiate a + // certificate factory of that type (reuse + // existing factory if possible) + String certType = dis.readUTF(); + if (cfs.containsKey(certType)) { + // reuse certificate factory + cf = cfs.get(certType); + } else { + // create new certificate factory + cf = CertificateFactory.getInstance(certType); + // store the certificate factory so we can + // reuse it later + cfs.put(certType, cf); + } + } + // instantiate the certificate + encoded = IOUtils.readFully(dis, dis.readInt(), true); + bais = new ByteArrayInputStream(encoded); + certs.add(cf.generateCertificate(bais)); + bais.close(); } - } catch (OutOfMemoryError e) { - throw new IOException - ("Too many certificates in chain"); - } - for (int j = 0; j < numOfCerts; j++) { - if (xVersion == 2) { - // read the certificate type, and instantiate a - // certificate factory of that type (reuse - // existing factory if possible) - String certType = dis.readUTF(); - if (cfs.containsKey(certType)) { - // reuse certificate factory - cf = cfs.get(certType); - } else { - // create new certificate factory - cf = CertificateFactory.getInstance(certType); - // store the certificate factory so we can - // reuse it later - cfs.put(certType, cf); - } - } - // instantiate the certificate - try { - encoded = new byte[dis.readInt()]; - } catch (OutOfMemoryError e) { - throw new IOException("Certificate too big"); - } - dis.readFully(encoded); - bais = new ByteArrayInputStream(encoded); - entry.chain[j] = cf.generateCertificate(bais); - bais.close(); + // We can be sure now that numOfCerts of certs are read + entry.chain = certs.toArray(new Certificate[numOfCerts]); } // Add the entry to the list @@ -753,12 +742,7 @@ cfs.put(certType, cf); } } - try { - encoded = new byte[dis.readInt()]; - } catch (OutOfMemoryError e) { - throw new IOException("Certificate too big"); - } - dis.readFully(encoded); + encoded = IOUtils.readFully(dis, dis.readInt(), true); bais = new ByteArrayInputStream(encoded); entry.cert = cf.generateCertificate(bais); bais.close();