8219775: Certificate validation improvements

Reviewed-by: ascarpino, ssahoo, skoivu
2025-09-20 19:14:38 +02:00 · 2019-03-07 22:19:12 -08:00 · 2019-03-07 22:19:12 -08:00 · 9785630af6
commit 9785630af6
parent e06d193456
1 changed files with 32 additions and 28 deletions
--- a/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java
+++ b/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java
@ -94,37 +94,41 @@ class DerIndefLenConverter {
    private void parseTag() throws IOException {
        if (dataPos == dataSize)
            return;
-        if (isEOC(data[dataPos]) && (data[dataPos + 1] == 0)) {
+        try {
-            int numOfEncapsulatedLenBytes = 0;
+            if (isEOC(data[dataPos]) && (data[dataPos + 1] == 0)) {
-            Object elem = null;
+                int numOfEncapsulatedLenBytes = 0;
-            int index;
+                Object elem = null;
-            for (index = ndefsList.size()-1; index >= 0; index--) {
+                int index;
-                // Determine the first element in the vector that does not
+                for (index = ndefsList.size()-1; index >= 0; index--) {
-                // have a matching EOC
+                    // Determine the first element in the vector that does not
-                elem = ndefsList.get(index);
+                    // have a matching EOC
-                if (elem instanceof Integer) {
+                    elem = ndefsList.get(index);
-                    break;
+                    if (elem instanceof Integer) {
-                } else {
+                        break;
-                    numOfEncapsulatedLenBytes += ((byte[])elem).length - 3;
+                    } else {
                        numOfEncapsulatedLenBytes += ((byte[])elem).length - 3;
                    }
                }
-            }
+                if (index < 0) {
-            if (index < 0) {
+                    throw new IOException("EOC does not have matching " +
-                throw new IOException("EOC does not have matching " +
+                                          "indefinite-length tag");
-                                      "indefinite-length tag");
+                }
-            }
+                int sectionLen = dataPos - ((Integer)elem).intValue() +
-            int sectionLen = dataPos - ((Integer)elem).intValue() +
+                                 numOfEncapsulatedLenBytes;
-                             numOfEncapsulatedLenBytes;
+                byte[] sectionLenBytes = getLengthBytes(sectionLen);
-            byte[] sectionLenBytes = getLengthBytes(sectionLen);
+                ndefsList.set(index, sectionLenBytes);
-            ndefsList.set(index, sectionLenBytes);
+                unresolved--;
            unresolved--;
-            // Add the number of bytes required to represent this section
+                // Add the number of bytes required to represent this section
-            // to the total number of length bytes,
+                // to the total number of length bytes,
-            // and subtract the indefinite-length tag (1 byte) and
+                // and subtract the indefinite-length tag (1 byte) and
-            // EOC bytes (2 bytes) for this section
+                // EOC bytes (2 bytes) for this section
-            numOfTotalLenBytes += (sectionLenBytes.length - 3);
+                numOfTotalLenBytes += (sectionLenBytes.length - 3);
            }
            dataPos++;
        } catch (IndexOutOfBoundsException iobe) {
            throw new IOException(iobe);
        }
        dataPos++;
    }
    /**