7000600: InputStream.skip() makes sensitive data accessible to malicious code

Reviewed-by: hawtin, chegar
2011-06-15 14:49:25 +01:00 · 2011-06-15 14:49:25 +01:00 · 80da503482
commit 80da503482
parent 24b47ab2e8
1 changed files with 6 additions and 10 deletions
--- a/jdk/src/share/classes/java/io/InputStream.java
+++ b/jdk/src/share/classes/java/io/InputStream.java
@ -44,10 +44,9 @@ package java.io;
 */
 public abstract class InputStream implements Closeable {

-    // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
-    private static final int SKIP_BUFFER_SIZE = 2048;
-    // skipBuffer is initialized in skip(long), if needed.
-    private static byte[] skipBuffer;
+    // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer size to
+    // use when skipping.
+    private static final int MAX_SKIP_BUFFER_SIZE = 2048;

    /**
     * Reads the next byte of data from the input stream. The value byte is
@ -212,18 +211,15 @@ public abstract class InputStream implements Closeable {

        long remaining = n;
        int nr;
-        if (skipBuffer == null)
-            skipBuffer = new byte[SKIP_BUFFER_SIZE];
-
-        byte[] localSkipBuffer = skipBuffer;

        if (n <= 0) {
            return 0;
        }

+        int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
+        byte[] skipBuffer = new byte[size];
        while (remaining > 0) {
-            nr = read(localSkipBuffer, 0,
-                      (int) Math.min(SKIP_BUFFER_SIZE, remaining));
+            nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
            if (nr < 0) {
                break;
            }