8300596: Enhance Jar Signature validation

Reviewed-by: mullan, rhalade, mschoene, weijun
2025-08-28 07:14:30 +02:00 · 2023-03-29 20:24:13 +00:00 · 2023-03-29 20:24:13 +00:00 · ecd0bc1d62
commit ecd0bc1d62
parent fff7e1ad00
3 changed files with 40 additions and 4 deletions
--- a/src/java.base/share/classes/java/util/jar/JarFile.java
+++ b/src/java.base/share/classes/java/util/jar/JarFile.java
@ -30,6 +30,7 @@ import jdk.internal.access.JavaUtilZipFileAccess;
 import jdk.internal.misc.ThreadTracker;
 import sun.security.action.GetPropertyAction;
 import sun.security.util.ManifestEntryVerifier;
+import sun.security.util.SignatureFileVerifier;

 import java.io.ByteArrayInputStream;
 import java.io.EOFException;
@ -144,8 +145,6 @@ public class JarFile extends ZipFile {
    private static final Runtime.Version RUNTIME_VERSION;
    private static final boolean MULTI_RELEASE_ENABLED;
    private static final boolean MULTI_RELEASE_FORCED;
-    // The maximum size of array to allocate. Some VMs reserve some header words in an array.
-    private static final int MAX_ARRAY_SIZE = Integer.MAX_VALUE - 8;

    private SoftReference<Manifest> manRef;
    private JarEntry manEntry;
@ -799,8 +798,11 @@ public class JarFile extends ZipFile {
    private byte[] getBytes(ZipEntry ze) throws IOException {
        try (InputStream is = super.getInputStream(ze)) {
            long uncompressedSize = ze.getSize();
-            if (uncompressedSize > MAX_ARRAY_SIZE) {
-                throw new IOException("Unsupported size: " + uncompressedSize);
+            if (uncompressedSize > SignatureFileVerifier.MAX_SIG_FILE_SIZE) {
+                throw new IOException("Unsupported size: " + uncompressedSize +
+                        " for JarEntry " + ze.getName() +
+                        ". Allowed max size: " +
+                        SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes");
            }
            int len = (int)uncompressedSize;
            int bytesRead;
--- a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
+++ b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
@ -36,6 +36,7 @@ import java.util.*;
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;

+import sun.security.action.GetIntegerAction;
 import sun.security.jca.Providers;
 import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.SignerInfo;
@ -83,6 +84,12 @@ public class SignatureFileVerifier {

    private static final String META_INF = "META-INF/";

+    // the maximum allowed size in bytes for the signature-related files
+    public static final int MAX_SIG_FILE_SIZE = initializeMaxSigFileSize();
+
+    // The maximum size of array to allocate. Some VMs reserve some header words in an array.
+    private static final int MAX_ARRAY_SIZE = Integer.MAX_VALUE - 8;
+
    /**
     * Create the named SignatureFileVerifier.
     *
@ -833,4 +840,24 @@ public class SignatureFileVerifier {
        signerCache.add(cachedSigners);
        signers.put(name, cachedSigners);
    }
+
+    private static int initializeMaxSigFileSize() {
+        /*
+         * System property "jdk.jar.maxSignatureFileSize" used to configure
+         * the maximum allowed number of bytes for the signature-related files
+         * in a JAR file.
+         */
+        Integer tmp = GetIntegerAction.privilegedGetProperty(
+                "jdk.jar.maxSignatureFileSize", 8000000);
+        if (tmp < 0 || tmp > MAX_ARRAY_SIZE) {
+            if (debug != null) {
+                debug.println("Default signature file size 8000000 bytes " +
+                        "is used as the specified size for the " +
+                        "jdk.jar.maxSignatureFileSize system property " +
+                        "is out of range: " + tmp);
+            }
+            tmp = 8000000;
+        }
+        return tmp;
+    }
 }