Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8000210: Improve JarFile code quality
authorweijun
Wed, 19 Sep 2012 12:58:43 +0800
changeset 16082 a042f1412a78
parent 16081 452341da6f0b
child 16083 3d08cc685055
child 16084 23e1be1fef19
8000210: Improve JarFile code quality Reviewed-by: ahgross, xuelei, mschoene
jdk/src/share/classes/java/util/jar/JarFile.java file | annotate | diff | comparison | revisions
jdk/src/share/classes/sun/security/util/DerIndefLenConverter.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/classes/java/util/jar/JarFile.java	Mon Oct 22 11:49:37 2012 -0700
+++ b/jdk/src/share/classes/java/util/jar/JarFile.java	Wed Sep 19 12:58:43 2012 +0800
@@ -34,6 +34,7 @@
 import java.security.cert.Certificate;
 import java.security.AccessController;
 import java.security.CodeSource;
+import sun.misc.IOUtils;
 import sun.security.action.GetPropertyAction;
 import sun.security.util.ManifestEntryVerifier;
 import sun.misc.SharedSecrets;
@@ -329,6 +330,9 @@
             if (names != null) {
                 for (int i = 0; i < names.length; i++) {
                     JarEntry e = getJarEntry(names[i]);
+                    if (e == null) {
+                        throw new JarException("corrupted jar file");
+                    }
                     if (!e.isDirectory()) {
                         if (mev == null) {
                             mev = new ManifestEntryVerifier
@@ -348,6 +352,10 @@
             // treat the jar file as being unsigned
             jv = null;
             verify = false;
+            if (JarVerifier.debug != null) {
+                JarVerifier.debug.println("jarfile parsing error!");
+                ex.printStackTrace();
+            }
         }
 
         // if after initializing the verifier we have nothing
@@ -375,11 +383,9 @@
      * META-INF files.
      */
     private byte[] getBytes(ZipEntry ze) throws IOException {
-        byte[] b = new byte[(int)ze.getSize()];
-        try (DataInputStream is = new DataInputStream(super.getInputStream(ze))) {
-            is.readFully(b, 0, b.length);
+        try (InputStream is = super.getInputStream(ze)) {
+            return IOUtils.readFully(is, (int)ze.getSize(), true);
         }
-        return b;
     }
 
     /**
@@ -479,12 +485,7 @@
         if (!isKnownToNotHaveClassPathAttribute()) {
             JarEntry manEntry = getManEntry();
             if (manEntry != null) {
-                byte[] b = new byte[(int)manEntry.getSize()];
-                try (DataInputStream dis = new DataInputStream(
-                         super.getInputStream(manEntry))) {
-                    dis.readFully(b, 0, b.length);
-                }
-
+                byte[] b = getBytes(manEntry);
                 int last = b.length - src.length;
                 int i = 0;
                 next:
--- a/jdk/src/share/classes/sun/security/util/DerIndefLenConverter.java	Mon Oct 22 11:49:37 2012 -0700
+++ b/jdk/src/share/classes/sun/security/util/DerIndefLenConverter.java	Wed Sep 19 12:58:43 2012 +0800
@@ -325,6 +325,10 @@
             }
         }
 
+        if (unresolved != 0) {
+            throw new IOException("not all indef len BER resolved");
+        }
+
         newData = new byte[dataSize + numOfTotalLenBytes + unused];
         dataPos=0; newDataPos=0; index=0;
jdk-sandbox