From 80da503482d0a60dd88b6122026520b1beeca650 Mon Sep 17 00:00:00 2001
From: Alan Bateman
Date: Wed, 15 Jun 2011 14:49:25 +0100
Subject: [PATCH] 7000600: InputStream.skip() makes sensitive data accessible to malicious code
Reviewed-by: hawtin, chegar
---
 jdk/src/share/classes/java/io/InputStream.java | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/jdk/src/share/classes/java/io/InputStream.java b/jdk/src/share/classes/java/io/InputStream.java
index 23c166ed673..63d31d51f99 100644
--- a/jdk/src/share/classes/java/io/InputStream.java
+++ b/jdk/src/share/classes/java/io/InputStream.java
@@ -44,10 +44,9 @@ package java.io;
 */
 public abstract class InputStream implements Closeable {
- // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
- private static final int SKIP_BUFFER_SIZE = 2048;
- // skipBuffer is initialized in skip(long), if needed.
- private static byte[] skipBuffer;
+ // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer size to
+ // use when skipping.
+ private static final int MAX_SKIP_BUFFER_SIZE = 2048;
 /**
 * Reads the next byte of data from the input stream. The value byte is
@@ -212,18 +211,15 @@ public abstract class InputStream implements Closeable {
 long remaining = n;
 int nr;
- if (skipBuffer == null)
- skipBuffer = new byte[SKIP_BUFFER_SIZE];
-
- byte[] localSkipBuffer = skipBuffer;
 if (n <= 0) {
 return 0;
 }
+ int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
+ byte[] skipBuffer = new byte[size];
 while (remaining > 0) {
- nr = read(localSkipBuffer, 0,
- (int) Math.min(SKIP_BUFFER_SIZE, remaining));
+ nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
 if (nr < 0) {
 break;
 }
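Review bot: The per-call allocation `byte[] skipBuffer = new byte[size];` in the second hunk has no comment saying why the buffer must stay local, so a later performance cleanup could bring back a cached or static buffer. The buffer is passed to the overridable `read(byte[], int, int)`, so a buffer shared across streams would let one stream's subclass see bytes skipped on another. I would add `// Do not cache or share this buffer: it is passed to an overridable read() and would expose skipped bytes across streams.` directly above the allocation. The comment on `MAX_SKIP_BUFFER_SIZE` in the first hunk could state the same constraint. The body of skip(long) starts and ends outside the hunk.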