stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8168705: Better ObjectIdentifier validation

Browse Source 
Reviewed-by: mullan, asmotrak, ahgross
This commit is contained in:
Anthony Scarpino 2016-11-17 09:51:10 -08:00
parent e859125b09
commit 3a41c2175c
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
View File

@ -255,7 +255,13 @@ class ObjectIdentifier implements Serializable
+ " (tag = " + type_id + ")"
);
encoding = new byte[in.getDefiniteLength()];
int len = in.getDefiniteLength();
if (len > in.available()) {
throw new IOException("ObjectIdentifier() -- length exceeds" +
"data available. Length: " + len + ", Available: " +
in.available());
}
encoding = new byte[len];
in.getBytes(encoding);
check(encoding);
}