From e6c926e0282432968c8c05865dd603a2ea7a35a3 Mon Sep 17 00:00:00 2001
From: Valerie Peng
Date: Wed, 5 Jan 2022 18:53:09 +0000
Subject: [PATCH] 8277227: Better identification of OIDs

Reviewed-by: ahgross, weijun, rhalade
---
 .../share/classes/sun/security/util/ObjectIdentifier.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java b/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
index cc60c8bef9e..dc70c4d0719 100644
--- a/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
+++ b/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
@@ -365,7 +365,7 @@ public final class ObjectIdentifier implements Serializable {
 if ((encoding[i] & 0x80) == 0) {
 // one section [fromPos..i]
 if (i - fromPos + 1 > 4) {
- BigInteger big = new BigInteger(pack(encoding,
+ BigInteger big = new BigInteger(1, pack(encoding,
 fromPos, i-fromPos+1, 7, 8));
 if (fromPos == 0) {
 result[which++] = 2;
@@ -434,7 +434,7 @@ public final class ObjectIdentifier implements Serializable {
 sb.append('.');
 }
 if (i - fromPos + 1 > 4) { // maybe big integer
- BigInteger big = new BigInteger(
+ BigInteger big = new BigInteger(1,
 pack(encoding, fromPos, i-fromPos+1, 7, 8));
 if (fromPos == 0) {
 // first section encoded with more than 4 bytes,
@@ -688,6 +688,7 @@ public final class ObjectIdentifier implements Serializable {
 throw new IOException("ObjectIdentifier encoded length was " +
 "negative: " + oidLength);
 }
+
 if (oidLength > MAXIMUM_OID_SIZE) {
 throw new IOException(
 "ObjectIdentifier encoded length exceeds " +
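Review bot: The new `1` signum argument at the `BigInteger` construction in the `@@ -365` hunk, and identically in the `@@ -434` hunk, carries no comment saying why it is needed, and the patch touches only ObjectIdentifier.java, so no regression test accompanies it. `new BigInteger(byte[])` reads the array as two's complement, so a packed section whose first byte has its high bit set would previously have produced a negative component; presumably that arises when the 7-bit groups fill the output bytes exactly, but `pack` lies outside both hunks, so this should be confirmed against it. I would put `// signum 1: treat pack() output as an unsigned magnitude` above both calls, and add a test that decodes an encoding with such a section and checks that no component is negative. Both enclosing methods start and end outside the hunks.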