-
Bug
-
Resolution: Fixed
-
P4
-
7
-
b43
-
x86
-
linux
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8018928 | 7u45 | Jonathan Lu | P4 | Closed | Fixed | b01 |
JDK-2229307 | 7u40 | Sean Coffey | P4 | Closed | Fixed | b08 |
FULL PRODUCT VERSION :
ADDITIONAL OS VERSION INFORMATION :
Ubuntu 12.04 LTS
A DESCRIPTION OF THE PROBLEM :
If a call to java.security.Signature.verify(byte[] signature, int offset, int length) with offset + length > Integer.MAX_VALUE, an ArrayIndexOutOfBoundsException will be thrown instead of IllegalArgumentException.
REGRESSION. Last worked in version 7
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the test case.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Test finished silently.
ACTUAL -
java.lang.ArrayIndexOutOfBoundsException was thrown.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -2147483648
at sun.security.util.DerInputStream.init(DerInputStream.java:106)
at sun.security.util.DerInputStream.<init>(DerInputStream.java:95)
at sun.security.provider.DSA.engineVerify(DSA.java:326)
at java.security.Signature$Delegate.engineVerify(Signature.java:1179)
at java.security.Signature.verify(Signature.java:665)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
/*
* Copyright (c) 2012 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* Portions Copyright (c) 2012 IBM Corporation
*/
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
public class test {
public static void main(String[] args) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
keyPairGenerator.initialize(1024);
KeyPair keys = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keys.getPublic();
byte[] sigBytes = new byte[100];
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initVerify(publicKey);
try {
signature.verify(sigBytes, Integer.MAX_VALUE, 1);
} catch (IllegalArgumentException ex) {
// Expected
}
}
}
---------- END SOURCE ----------
ADDITIONAL OS VERSION INFORMATION :
Ubuntu 12.04 LTS
A DESCRIPTION OF THE PROBLEM :
If a call to java.security.Signature.verify(byte[] signature, int offset, int length) with offset + length > Integer.MAX_VALUE, an ArrayIndexOutOfBoundsException will be thrown instead of IllegalArgumentException.
REGRESSION. Last worked in version 7
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the test case.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Test finished silently.
ACTUAL -
java.lang.ArrayIndexOutOfBoundsException was thrown.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -2147483648
at sun.security.util.DerInputStream.init(DerInputStream.java:106)
at sun.security.util.DerInputStream.<init>(DerInputStream.java:95)
at sun.security.provider.DSA.engineVerify(DSA.java:326)
at java.security.Signature$Delegate.engineVerify(Signature.java:1179)
at java.security.Signature.verify(Signature.java:665)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
/*
* Copyright (c) 2012 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* Portions Copyright (c) 2012 IBM Corporation
*/
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
public class test {
public static void main(String[] args) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
keyPairGenerator.initialize(1024);
KeyPair keys = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keys.getPublic();
byte[] sigBytes = new byte[100];
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initVerify(publicKey);
try {
signature.verify(sigBytes, Integer.MAX_VALUE, 1);
} catch (IllegalArgumentException ex) {
// Expected
}
}
}
---------- END SOURCE ----------
- backported by
-
JDK-2229307 ArrayIndexOutOfBoundsException from Signature.verify
-
- Closed
-
-
JDK-8018928 ArrayIndexOutOfBoundsException from Signature.verify
-
- Closed
-