8219775: Certificate validation improvements

Reviewed-by: ascarpino, ssahoo, skoivu
2025-09-20 11:04:34 +02:00 · 2019-03-07 22:19:12 -08:00 · 2019-03-07 22:19:12 -08:00 · 9785630af6
commit 9785630af6
parent e06d193456
1 changed files with 32 additions and 28 deletions
--- a/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java
+++ b/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java
@ -94,37 +94,41 @@ class DerIndefLenConverter {
    private void parseTag() throws IOException {
        if (dataPos == dataSize)
            return;
-        if (isEOC(data[dataPos]) && (data[dataPos + 1] == 0)) {
-            int numOfEncapsulatedLenBytes = 0;
-            Object elem = null;
-            int index;
-            for (index = ndefsList.size()-1; index >= 0; index--) {
-                // Determine the first element in the vector that does not
-                // have a matching EOC
-                elem = ndefsList.get(index);
-                if (elem instanceof Integer) {
-                    break;
-                } else {
-                    numOfEncapsulatedLenBytes += ((byte[])elem).length - 3;
+        try {
+            if (isEOC(data[dataPos]) && (data[dataPos + 1] == 0)) {
+                int numOfEncapsulatedLenBytes = 0;
+                Object elem = null;
+                int index;
+                for (index = ndefsList.size()-1; index >= 0; index--) {
+                    // Determine the first element in the vector that does not
+                    // have a matching EOC
+                    elem = ndefsList.get(index);
+                    if (elem instanceof Integer) {
+                        break;
+                    } else {
+                        numOfEncapsulatedLenBytes += ((byte[])elem).length - 3;
+                    }
                }
-            }
-            if (index < 0) {
-                throw new IOException("EOC does not have matching " +
-                                      "indefinite-length tag");
-            }
-            int sectionLen = dataPos - ((Integer)elem).intValue() +
-                             numOfEncapsulatedLenBytes;
-            byte[] sectionLenBytes = getLengthBytes(sectionLen);
-            ndefsList.set(index, sectionLenBytes);
-            unresolved--;
+                if (index < 0) {
+                    throw new IOException("EOC does not have matching " +
+                                          "indefinite-length tag");
+                }
+                int sectionLen = dataPos - ((Integer)elem).intValue() +
+                                 numOfEncapsulatedLenBytes;
+                byte[] sectionLenBytes = getLengthBytes(sectionLen);
+                ndefsList.set(index, sectionLenBytes);
+                unresolved--;

-            // Add the number of bytes required to represent this section
-            // to the total number of length bytes,
-            // and subtract the indefinite-length tag (1 byte) and
-            // EOC bytes (2 bytes) for this section
-            numOfTotalLenBytes += (sectionLenBytes.length - 3);
+                // Add the number of bytes required to represent this section
+                // to the total number of length bytes,
+                // and subtract the indefinite-length tag (1 byte) and
+                // EOC bytes (2 bytes) for this section
+                numOfTotalLenBytes += (sectionLenBytes.length - 3);
+            }
+            dataPos++;
+        } catch (IndexOutOfBoundsException iobe) {
+            throw new IOException(iobe);
        }
-        dataPos++;
    }

    /**