archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 23:04:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8267617: Certificate's IP x509 NameConstraints raises ArrayIndexOutOfBoundsException

Browse source 
Reviewed-by: mullan
This commit is contained in:
Daniel Jeliński 2022-12-06 08:24:17 +00:00
parent 923c746650
commit 2a243a33cc
2 changed files with 86 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/java.base/share/classes/sun/security/x509/IPAddressName.java
View file

@ -401,11 +401,12 @@ public class IPAddressName implements GeneralNameInterface {
else {
IPAddressName otherName = (IPAddressName)inputName;
byte[] otherAddress = otherName.address;
if (otherAddress.length == 4 && address.length == 4)
if ((otherAddress.length == 4 && address.length == 4) ||
(otherAddress.length == 16 && address.length == 16)) {
// Two host addresses
constraintType = NAME_SAME_TYPE;
else if ((otherAddress.length == 8 && address.length == 8) ||
(otherAddress.length == 32 && address.length == 32)) {
} else if ((otherAddress.length == 8 && address.length == 8) ||
(otherAddress.length == 32 && address.length == 32)) {
// Two subnet addresses
// See if one address fully encloses the other address
boolean otherSubsetOfThis = true;
@ -440,7 +441,8 @@ public class IPAddressName implements GeneralNameInterface {
constraintType = NAME_WIDENS;
else
constraintType = NAME_SAME_TYPE;
} else if (otherAddress.length == 8 || otherAddress.length == 32) {
} else if ((otherAddress.length == 8 && address.length == 4) ||
(otherAddress.length == 32 && address.length == 16)) {
//Other is a subnet, this is a host address
int i = 0;
int maskOffset = otherAddress.length/2;
@ -454,7 +456,8 @@ public class IPAddressName implements GeneralNameInterface {
constraintType = NAME_WIDENS;
else
constraintType = NAME_SAME_TYPE;
} else if (address.length == 8 || address.length == 32) {
} else if ((otherAddress.length == 4 && address.length == 8) ||
(otherAddress.length == 16 && address.length == 32)) {
//This is a subnet, other is a host address
int i = 0;
int maskOffset = address.length/2;