# HG changeset patch
# User ascarpino
# Date 1479405070 28800
# Node ID c0f498d6a804cfd6482e0755dea4094b0e24fcd9
# Parent f3d46da34ae957b5bfa6bcb89f68c25d3a695912
8168705: Better ObjectIdentifier validation
Reviewed-by: mullan, asmotrak, ahgross
diff -r f3d46da34ae9 -r c0f498d6a804 jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
--- a/jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java Thu Nov 17 16:59:18 2016 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java Thu Nov 17 09:51:10 2016 -0800
@@ -255,7 +255,13 @@
 + " (tag = " + type_id + ")"
 );
- encoding = new byte[in.getDefiniteLength()];
+ int len = in.getDefiniteLength();
+ if (len > in.available()) {
+ throw new IOException("ObjectIdentifier() -- length exceeds" +
+ "data available. Length: " + len + ", Available: " +
+ in.available());
+ }
+ encoding = new byte[len];
 in.getBytes(encoding);
 check(encoding);
 }
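Review bot: The message built in the added `throw` joins `"ObjectIdentifier() -- length exceeds"` and `"data available. ..."` with no space between the two literals, so it reads "length exceedsdata available"; the first literal should end in a space, `"ObjectIdentifier() -- length exceeds " +`. The guard is what keeps `new byte[len]` bounded by the bytes actually present in `in`, so a short input declaring a very large length cannot drive a large allocation; a one-line comment above the `if`, such as `// length is taken from the encoding; never allocate more than the stream holds`, would make that intent clear to anyone tidying this code later. Whether `getDefiniteLength()` can return a negative value is not visible here; if it can, `len < 0` belongs in the same condition. The constructor begins above the hunk.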