6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
Reviewed-by: mullan
--- a/src/share/classes/sun/security/util/DerIndefLenConverter.java Fri Aug 01 13:58:29 2008 -0700
+++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java Wed Aug 06 08:11:49 2008 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -50,6 +50,7 @@ class DerIndefLenConverter {
private byte[] data, newData;
private int newDataPos, dataPos, dataSize, index;
+ private int unresolved = 0;
private ArrayList<Object> ndefsList = new ArrayList<Object>();
@@ -113,6 +114,7 @@ class DerIndefLenConverter {
numOfEncapsulatedLenBytes;
byte[] sectionLenBytes = getLengthBytes(sectionLen);
ndefsList.set(index, sectionLenBytes);
+ unresolved--;
// Add the number of bytes required to represent this section
// to the total number of length bytes,
@@ -149,6 +151,7 @@ class DerIndefLenConverter {
int lenByte = data[dataPos++] & 0xff;
if (isIndefinite(lenByte)) {
ndefsList.add(new Integer(dataPos));
+ unresolved++;
return curLen;
}
if (isLongForm(lenByte)) {
@@ -308,15 +311,21 @@ class DerIndefLenConverter {
dataPos=0; index=0;
dataSize = data.length;
int len=0;
+ int unused = 0;
// parse and set up the vectors of all the indefinite-lengths
while (dataPos < dataSize) {
parseTag();
len = parseLength();
parseValue(len);
- }
-
- newData = new byte[dataSize + numOfTotalLenBytes];
+ if (unresolved == 0) {
+ unused = dataSize - dataPos;
+ dataSize = dataPos;
+ break;
+ }
+ }
+
+ newData = new byte[dataSize + numOfTotalLenBytes + unused];
dataPos=0; newDataPos=0; index=0;
// write out the new byte array replacing all the indefinite-lengths
@@ -325,6 +334,8 @@ class DerIndefLenConverter {
writeTag();
writeLengthAndValue();
}
+ System.arraycopy(indefData, dataSize,
+ newData, dataSize + numOfTotalLenBytes, unused);
return newData;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/util/DerValue/Indefinite.java Wed Aug 06 08:11:49 2008 +0800
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6731685
+ * @summary CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain
+ */
+
+import java.io.*;
+import sun.security.util.*;
+
+public class Indefinite {
+
+ public static void main(String[] args) throws Exception {
+ byte[] input = {
+ // An OCTET-STRING in 2 parts
+ 4, (byte)0x80, 4, 2, 'a', 'b', 4, 2, 'c', 'd', 0, 0,
+ // Garbage follows, may be falsely recognized as EOC
+ 0, 0, 0, 0
+ };
+ new DerValue(new ByteArrayInputStream(input));
+ }
+}