-
Bug
-
Resolution: Fixed
-
P4
-
1.3.0
-
merlin
-
sparc
-
solaris_2.6
Name: mc57594 Date: 01/05/2000
Verified with:
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-R)
[chamness]
=============================================
java version "1.2.2"
Classic VM (build JDK-1.2.2-W, green threads, sunwjit)
X509Factory sometimes throws NullPointerException when it's given bad
input. It should detect this and throw CertificateException.
Here's an example source code:
-------------------------------------
import java.io.*;
import java.security.cert.*;
public class X509FactoryBug {
private static final String data = "\211\0\225\3\5\0\70\154\157\231";
public static void main(String[] args) throws Exception {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
InputStream is = new ByteArrayInputStream(data.getBytes("ISO8859_1"));
Certificate cert = factory.generateCertificate(is);
System.out.println("cert: " + cert);
}
}
------------------------
$ javac X509FactoryBug.java; java X509FactoryBug
Exception in thread "main" java.lang.NullPointerException
at sun.security.util.DerValue.toByteArray(DerValue.java, Compiled Code)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java, Compiled
Code)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java, Compiled
Code)
at
sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java,
Compiled Code)
at
java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java,
Compiled Code)
at X509FactoryBug.main(X509FactoryBug.java, Compiled Code)
(Review ID: 99603)
======================================================================