--- a/jdk/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java Thu Oct 02 11:20:48 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java Wed Oct 08 19:13:57 2014 +0800
@@ -156,12 +156,18 @@
}
if (isLongForm(lenByte)) {
lenByte &= LEN_MASK;
- if (lenByte > 4)
+ if (lenByte > 4) {
throw new IOException("Too much data");
- if ((dataSize - dataPos) < (lenByte + 1))
+ }
+ if ((dataSize - dataPos) < (lenByte + 1)) {
throw new IOException("Too little data");
- for (int i = 0; i < lenByte; i++)
+ }
+ for (int i = 0; i < lenByte; i++) {
curLen = (curLen << 8) + (data[dataPos++] & 0xff);
+ }
+ if (curLen < 0) {
+ throw new IOException("Invalid length bytes");
+ }
} else {
curLen = (lenByte & LEN_MASK);
}
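Review bot: The added `curLen < 0` check after the loop rejects only lengths whose sign bit is set, so a four-byte length such as 0x7fffffff still passes, and nothing visible in this hunk compares `curLen` with the bytes actually left (`dataSize - dataPos`). If the code that consumes `curLen` does not already do that, a guard such as `if (curLen > dataSize - dataPos) { throw new IOException("Too little data"); }` belongs next to the new check. The same question applies to `value` in the DerInputStream hunk and to `retval` in the BerDecoder hunk, where only the negative case is rejected. The enclosing method starts and ends outside the hunk, so the later use of `curLen` is not visible here.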
@@ -188,10 +194,15 @@
}
if (isLongForm(lenByte)) {
lenByte &= LEN_MASK;
- for (int i = 0; i < lenByte; i++)
+ for (int i = 0; i < lenByte; i++) {
curLen = (curLen << 8) + (data[dataPos++] & 0xff);
- } else
+ }
+ if (curLen < 0) {
+ throw new IOException("Invalid length bytes");
+ }
+ } else {
curLen = (lenByte & LEN_MASK);
+ }
writeLength(curLen);
writeValue(curLen);
}
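Review bot: This second length-decoding loop has no `lenByte > 4` guard and no remaining-data guard, unlike the loop in the first hunk, so the new `curLen < 0` check only sees the low 32 bits of whatever was shifted in. With five or more length bytes the high-order bytes are shifted out and a truncated, positive `curLen` reaches `writeLength(curLen)` and `writeValue(curLen)`. In addition, `data[dataPos++]` can index past the array and surface as an ArrayIndexOutOfBoundsException rather than an IOException. If an earlier pass over the same bytes already enforces both limits, this is only defensive, but repeating `if (lenByte > 4) { throw new IOException("Too much data"); }` before the loop would make the method safe regardless of call order. The method begins outside the hunk.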
--- a/jdk/src/java.base/share/classes/sun/security/util/DerInputStream.java Thu Oct 02 11:20:48 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerInputStream.java Wed Oct 08 19:13:57 2014 +0800
@@ -577,6 +577,10 @@
value <<= 8;
value += 0x0ff & in.read();
}
+ if (value < 0) {
+ throw new IOException("DerInputStream.getLength(): "
+ + "Invalid length bytes");
+ }
}
return value;
}
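Review bot: `in.read()` in the loop above the new check is masked with `0x0ff` before its result is examined, so if `in` is a `java.io.InputStream`, an end-of-stream return of -1 is folded in as a 0xff length byte. The added `value < 0` test catches that only when the 0xff lands in the top byte of a four-byte length; a truncated encoding otherwise yields a plausible positive length. Reading into a local first, `int b = in.read(); if (b < 0) { throw new IOException("DerInputStream.getLength(): short read"); }` followed by `value += b;`, would reject the truncated input explicitly. The loop header and its bound are outside the hunk.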
--- a/jdk/src/java.naming/share/classes/com/sun/jndi/ldap/BerDecoder.java Thu Oct 02 11:20:48 2014 -0700
+++ b/jdk/src/java.naming/share/classes/com/sun/jndi/ldap/BerDecoder.java Wed Oct 08 19:13:57 2014 +0800
@@ -95,6 +95,9 @@
for( int i = 0; i < lengthbyte; i++) {
retval = (retval << 8) + (buf[offset++] & 0xff);
}
+ if (retval < 0) {
+ throw new DecodeException("Invalid length bytes");
+ }
return retval;
} else {
return lengthbyte;