8264864: Multiple byte tag not supported by ASN.1 encoding

Reviewed-by: xuelei
This commit is contained in:
Weijun Wang 2021-04-08 21:26:05 +00:00
parent ccefa5e378
commit 3d2b4cc567
2 changed files with 83 additions and 1 deletions
src/java.base/share/classes/sun/security/util
test/jdk/sun/security/util/DerValue

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -221,6 +221,9 @@ public class DerValue {
* Creates a new DerValue by specifying all its fields.
*/
DerValue(byte tag, byte[] buffer, int start, int end, boolean allowBER) {
if ((tag & 0x1f) == 0x1f) {
throw new IllegalArgumentException("Tag number over 30 is not supported");
}
this.tag = tag;
this.buffer = buffer;
this.start = start;
@ -315,6 +318,9 @@ public class DerValue {
}
int pos = offset;
tag = buf[pos++];
if ((tag & 0x1f) == 0x1f) {
throw new IOException("Tag number over 30 at " + offset + " is not supported");
}
int lenByte = buf[pos++];
int length;
@ -388,6 +394,9 @@ public class DerValue {
// arg to control whether DER checks are enforced.
DerValue(InputStream in, boolean allowBER) throws IOException {
this.tag = (byte)in.read();
if ((tag & 0x1f) == 0x1f) {
throw new IOException("Tag number over 30 is not supported");
}
int length = DerInputStream.getLength(in);
if (length == -1) { // indefinite length encoding found
if (!allowBER) {
@ -1140,6 +1149,9 @@ public class DerValue {
* @param val the tag value
*/
public static byte createTag(byte tagClass, boolean form, byte val) {
if (val < 0 || val > 30) {
throw new IllegalArgumentException("Tag number over 30 is not supported");
}
byte tag = (byte)(tagClass | val);
if (form) {
tag |= (byte)0x20;

@ -0,0 +1,70 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8264864
* @summary Multiple byte tag not supported by ASN.1 encoding
* @modules java.base/sun.security.util
* @library /test/lib
*/
import jdk.test.lib.Utils;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import java.io.IOException;
public class WideTag {
public static void main(String[] args) throws Exception {
// Small ones
DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)30);
DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0);
// Big ones
Utils.runAndCheckException(
() -> DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)31),
IllegalArgumentException.class);
Utils.runAndCheckException(
() -> DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)222),
IllegalArgumentException.class);
// We don't accept number 31
Utils.runAndCheckException(() -> new DerValue((byte)0xbf, new byte[10]),
IllegalArgumentException.class);
// CONTEXT [98] size 97. Not supported. Should fail.
// Before this fix, it was interpreted as CONTEXT [31] size 98.
byte[] wideDER = new byte[100];
wideDER[0] = (byte)0xBF;
wideDER[1] = (byte)98;
wideDER[2] = (byte)97;
Utils.runAndCheckException(() -> new DerValue(wideDER),
IOException.class);
Utils.runAndCheckException(() -> new DerInputStream(wideDER).getDerValue(),
IOException.class);
}
}