changeset 1516:7352778840c7

6830335: Java JAR Pack200 Decompression Integer Overflow Vulnerability Summary: Fixes a potential vulnerability in the unpack200 logic, by adding extra checks, a back-port. Reviewed-by: asaha
author ksrini
date Mon, 22 Jun 2009 07:23:20 -0700
parents ffb8e36b668c
children 043280e1fc76
files src/share/native/com/sun/java/util/jar/pack/unpack.cpp
diffstat 1 files changed, 6 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/native/com/sun/java/util/jar/pack/unpack.cpp	Tue Jun 23 13:54:36 2009 -0400
+++ b/src/share/native/com/sun/java/util/jar/pack/unpack.cpp	Mon Jun 22 07:23:20 2009 -0700
@@ -908,10 +908,12 @@
 
   // place a limit on future CP growth:
   int generous = 0;
-  generous += u->ic_count*3; // implicit name, outer, outer.utf8
-  generous += 40;  // WKUs, misc
-  generous += u->class_count;  // implicit SourceFile strings
-  maxentries = nentries + generous;
+  generous = add_size(generous, u->ic_count); // implicit name
+  generous = add_size(generous, u->ic_count); // outer
+  generous = add_size(generous, u->ic_count); // outer.utf8
+  generous = add_size(generous, 40); // WKUs, misc
+  generous = add_size(generous, u->class_count); // implicit SourceFile strings
+  maxentries = add_size(nentries, generous);
 
   // Note that this CP does not include "empty" entries
   // for longs and doubles.  Those are introduced when