7000600: InputStream.skip() makes sensitive data accessible to malicious code
Reviewed-by: hawtin, chegar
--- a/jdk/src/share/classes/java/io/InputStream.java Tue May 24 15:28:26 2011 -0700
+++ b/jdk/src/share/classes/java/io/InputStream.java Wed Jun 15 14:49:25 2011 +0100
@@ -44,10 +44,9 @@
*/
public abstract class InputStream implements Closeable {
- // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
- private static final int SKIP_BUFFER_SIZE = 2048;
- // skipBuffer is initialized in skip(long), if needed.
- private static byte[] skipBuffer;
+ // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer size to
+ // use when skipping.
+ private static final int MAX_SKIP_BUFFER_SIZE = 2048;
/**
* Reads the next byte of data from the input stream. The value byte is
@@ -212,18 +211,15 @@
long remaining = n;
int nr;
- if (skipBuffer == null)
- skipBuffer = new byte[SKIP_BUFFER_SIZE];
-
- byte[] localSkipBuffer = skipBuffer;
if (n <= 0) {
return 0;
}
+ int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
+ byte[] skipBuffer = new byte[size];
while (remaining > 0) {
- nr = read(localSkipBuffer, 0,
- (int) Math.min(SKIP_BUFFER_SIZE, remaining));
+ nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
if (nr < 0) {
break;
}