8219775: Certificate validation improvements
authorjnimeh
Thu, 07 Mar 2019 22:19:12 -0800
changeset 55707 b8a12f53226e
parent 55706 e29d7fea0e4d
child 55708 2b0acaf92ecc
8219775: Certificate validation improvements Reviewed-by: ascarpino, ssahoo, skoivu
src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java
--- a/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java	Wed Feb 27 13:58:04 2019 -0800
+++ b/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java	Thu Mar 07 22:19:12 2019 -0800
@@ -94,37 +94,41 @@
     private void parseTag() throws IOException {
         if (dataPos == dataSize)
             return;
-        if (isEOC(data[dataPos]) && (data[dataPos + 1] == 0)) {
-            int numOfEncapsulatedLenBytes = 0;
-            Object elem = null;
-            int index;
-            for (index = ndefsList.size()-1; index >= 0; index--) {
-                // Determine the first element in the vector that does not
-                // have a matching EOC
-                elem = ndefsList.get(index);
-                if (elem instanceof Integer) {
-                    break;
-                } else {
-                    numOfEncapsulatedLenBytes += ((byte[])elem).length - 3;
+        try {
+            if (isEOC(data[dataPos]) && (data[dataPos + 1] == 0)) {
+                int numOfEncapsulatedLenBytes = 0;
+                Object elem = null;
+                int index;
+                for (index = ndefsList.size()-1; index >= 0; index--) {
+                    // Determine the first element in the vector that does not
+                    // have a matching EOC
+                    elem = ndefsList.get(index);
+                    if (elem instanceof Integer) {
+                        break;
+                    } else {
+                        numOfEncapsulatedLenBytes += ((byte[])elem).length - 3;
+                    }
                 }
+                if (index < 0) {
+                    throw new IOException("EOC does not have matching " +
+                                          "indefinite-length tag");
+                }
+                int sectionLen = dataPos - ((Integer)elem).intValue() +
+                                 numOfEncapsulatedLenBytes;
+                byte[] sectionLenBytes = getLengthBytes(sectionLen);
+                ndefsList.set(index, sectionLenBytes);
+                unresolved--;
+
+                // Add the number of bytes required to represent this section
+                // to the total number of length bytes,
+                // and subtract the indefinite-length tag (1 byte) and
+                // EOC bytes (2 bytes) for this section
+                numOfTotalLenBytes += (sectionLenBytes.length - 3);
             }
-            if (index < 0) {
-                throw new IOException("EOC does not have matching " +
-                                      "indefinite-length tag");
-            }
-            int sectionLen = dataPos - ((Integer)elem).intValue() +
-                             numOfEncapsulatedLenBytes;
-            byte[] sectionLenBytes = getLengthBytes(sectionLen);
-            ndefsList.set(index, sectionLenBytes);
-            unresolved--;
-
-            // Add the number of bytes required to represent this section
-            // to the total number of length bytes,
-            // and subtract the indefinite-length tag (1 byte) and
-            // EOC bytes (2 bytes) for this section
-            numOfTotalLenBytes += (sectionLenBytes.length - 3);
+            dataPos++;
+        } catch (IndexOutOfBoundsException iobe) {
+            throw new IOException(iobe);
         }
-        dataPos++;
     }
 
     /**