src/share/classes/java/security/CodeSource.java
rev 12546 : 8181432: Better processing of unresolved permissions
Reviewed-by: mullan
@@ -32,10 +32,11 @@
import java.util.List;
import java.util.Hashtable;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.*;
+import sun.misc.IOUtils;
/**
*
* <p>This class extends the concept of a codebase to
* encapsulate not only the location (URL) but also the certificate chains
@@ -544,10 +545,12 @@
if (size > 0) {
// we know of 3 different cert types: X.509, PGP, SDSI, which
// could all be present in the stream at the same time
cfs = new Hashtable<String, CertificateFactory>(3);
certList = new ArrayList<>(size > 20 ? 20 : size);
+ } else if (size < 0) {
+ throw new IOException("size cannot be negative");
}
for (int i = 0; i < size; i++) {
// read the certificate type, and instantiate a certificate
// factory of that type (reuse existing factory if possible)
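Review bot: The negative-count rejection at `} else if (size < 0) {` hangs off the allocation branch, so the input validation reads as a side case of `size > 0` rather than as a precondition of the whole read. A guard placed before the branch, `if (size < 0) throw new IOException("size cannot be negative: " + size);`, separates validation from allocation and puts the offending value in the message. A short comment would help as well, for example `// a negative count means a corrupt or forged stream; fail instead of silently reading no certificates`, since on the visible lines a negative count would otherwise skip both the allocation and the loop. The enclosing method starts and ends outside this hunk.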
@@ -565,17 +568,11 @@
}
// store the certificate factory so we can reuse it later
cfs.put(certType, cf);
}
// parse the certificate
- byte[] encoded = null;
- try {
- encoded = new byte[ois.readInt()];
- } catch (OutOfMemoryError oome) {
- throw new IOException("Certificate too big");
- }
- ois.readFully(encoded);
+ byte[] encoded = IOUtils.readNBytes(ois, ois.readInt());
ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
try {
certList.add(cf.generateCertificate(bais));
} catch (CertificateException ce) {
throw new IOException(ce.getMessage());
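Review bot: The length passed to `IOUtils.readNBytes(ois, ois.readInt())` comes straight from the serialized stream and is no longer checked or guarded at this call site, so handling of a negative or very large value now rests entirely on the helper, whose body is not visible here. If the helper rejects negative lengths with an IOException and grows its buffer only as data arrives, say so in a comment at the call, for example `// readNBytes validates the length and allocates as data arrives, so a forged length cannot force a large up-front allocation`. If it does not, an explicit `if (len < 0) throw new IOException("negative certificate length: " + len);` is needed before the call. The removed code reported "Certificate too big" on OutOfMemoryError, so anything that matched on that message will no longer see it. The enclosing loop and method continue outside this hunk.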