7000600: InputStream.skip() makes sensitive data accessible to malicious code

Reviewed-by: hawtin, chegar
Alan Bateman 2011-06-15 14:49:25 +01:00
parent 24b47ab2e8
commit 80da503482


@ -44,10 +44,9 @@ package java.io;
*/ */
public abstract class InputStream implements Closeable { public abstract class InputStream implements Closeable {
// SKIP_BUFFER_SIZE is used to determine the size of skipBuffer // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer size to
private static final int SKIP_BUFFER_SIZE = 2048; // use when skipping.
// skipBuffer is initialized in skip(long), if needed. private static final int MAX_SKIP_BUFFER_SIZE = 2048;
private static byte[] skipBuffer;
/** /**
* Reads the next byte of data from the input stream. The value byte is * Reads the next byte of data from the input stream. The value byte is
@ -212,18 +211,15 @@ public abstract class InputStream implements Closeable {
long remaining = n; long remaining = n;
int nr; int nr;
if (skipBuffer == null)
skipBuffer = new byte[SKIP_BUFFER_SIZE];
byte[] localSkipBuffer = skipBuffer;
if (n <= 0) { if (n <= 0) {
return 0; return 0;
} }
int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
byte[] skipBuffer = new byte[size];
while (remaining > 0) { while (remaining > 0) {
nr = read(localSkipBuffer, 0, nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
(int) Math.min(SKIP_BUFFER_SIZE, remaining));
if (nr < 0) { if (nr < 0) {
break; break;
} }