8181432: Better processing of unresolved permissions

Reviewed-by: mullan
2025-08-28 07:14:30 +02:00 · 2017-07-06 09:20:21 +08:00 · 2017-07-06 09:20:21 +08:00 · 3232ef5897
commit 3232ef5897
parent 47efefa42f
5 changed files with 50 additions and 25 deletions
--- a/src/java.base/share/classes/java/security/UnresolvedPermission.java
+++ b/src/java.base/share/classes/java/security/UnresolvedPermission.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -25,12 +25,16 @@

 package java.security;

+import sun.security.util.IOUtils;
+
 import java.io.IOException;
 import java.io.ByteArrayInputStream;
+import java.security.cert.Certificate;
 import java.util.ArrayList;
 import java.util.Hashtable;
 import java.lang.reflect.*;
 import java.security.cert.*;
+import java.util.List;

 /**
 * The UnresolvedPermission class is used to hold Permissions that
@ -550,6 +554,7 @@ implements java.io.Serializable
    {
        CertificateFactory cf;
        Hashtable<String, CertificateFactory> cfs = null;
+        List<Certificate> certList = null;

        ois.defaultReadObject();

@ -562,7 +567,9 @@ implements java.io.Serializable
            // we know of 3 different cert types: X.509, PGP, SDSI, which
            // could all be present in the stream at the same time
            cfs = new Hashtable<>(3);
-            this.certs = new java.security.cert.Certificate[size];
+            certList = new ArrayList<>(size > 20 ? 20 : size);
+        } else if (size < 0) {
+            throw new IOException("size cannot be negative");
        }

        for (int i=0; i<size; i++) {
@ -584,20 +591,18 @@ implements java.io.Serializable
                cfs.put(certType, cf);
            }
            // parse the certificate
-            byte[] encoded=null;
-            try {
-                encoded = new byte[ois.readInt()];
-            } catch (OutOfMemoryError oome) {
-                throw new IOException("Certificate too big");
-            }
-            ois.readFully(encoded);
+            byte[] encoded = IOUtils.readNBytes(ois, ois.readInt());
            ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
            try {
-                this.certs[i] = cf.generateCertificate(bais);
+                certList.add(cf.generateCertificate(bais));
            } catch (CertificateException ce) {
                throw new IOException(ce.getMessage());
            }
            bais.close();
        }
+        if (certList != null) {
+            this.certs = certList.toArray(
+                    new java.security.cert.Certificate[size]);
+        }
    }
 }