# HG changeset patch
# User apetcher
# Date 1501266043 0
# Node ID 950cb68f9d82942bc6c39408ae8f7bf6b66385b3
# Parent  0255315ac8d42de1490c458f101893a8261d45b9
8182387: Improve PKCS usage
Reviewed-by: valeriep

diff -r 0255315ac8d4 -r 950cb68f9d82 src/java.base/share/classes/sun/security/util/DerValue.java
--- a/src/java.base/share/classes/sun/security/util/DerValue.java	Sun Jul 23 10:33:13 2017 +0530
+++ b/src/java.base/share/classes/sun/security/util/DerValue.java	Fri Jul 28 18:20:43 2017 +0000
@@ -490,20 +490,27 @@
      * @return the octet string held in this DER value
      */
     public byte[] getOctetString() throws IOException {
-        byte[] bytes;
 
         if (tag != tag_OctetString && !isConstructed(tag_OctetString)) {
             throw new IOException(
                 "DerValue.getOctetString, not an Octet String: " + tag);
         }
-        bytes = new byte[length];
-        // Note: do not tempt to call buffer.read(bytes) at all. There's a
+        // Note: do not attempt to call buffer.read(bytes) at all. There's a
         // known bug that it returns -1 instead of 0.
         if (length == 0) {
-            return bytes;
+            return new byte[0];
         }
-        if (buffer.read(bytes) != length)
+
+        // Only allocate the array if there are enough bytes available.
+        // This only works for ByteArrayInputStream.
+        // The assignment below ensures that buffer has the required type.
+        ByteArrayInputStream arrayInput = buffer;
+        if (arrayInput.available() < length) {
             throw new IOException("short read on DerValue buffer");
+        }
+        byte[] bytes = new byte[length];
+        arrayInput.read(bytes);
+
         if (isConstructed()) {
             DerInputStream in = new DerInputStream(bytes, 0, bytes.length,
                 buffer.allowBER);