-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: None
-
Component/s: security-libs
-
b26
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8268114 | 15.0.4 | Yuri Nesterenko | P4 | Resolved | Fixed | b04 |
When verifying a signed JAR, the bytes of the Manifest are read twice:
- In JarFile.getManifestFromReference():
JarEntry manEntry = getManEntry();
// If found then load the manifest
if (manEntry != null) {
if (verify) {
byte[] b = getBytes(manEntry);
...
and then again in JarFile.initializeVerifier(), when it is being read in this loop:
for (String name : names) {
JarEntry e = getJarEntry(name);
if (e == null) {
throw new JarException("corrupted jar file");
}
if (mev == null) {
mev = new ManifestEntryVerifier
(getManifestFromReference());
}
byte[] b = getBytes(e);
Since the raw bytes were previously stored in the manifestRawBytes field of the Manifest, they could be used above instead of reading them again.
- In JarFile.getManifestFromReference():
JarEntry manEntry = getManEntry();
// If found then load the manifest
if (manEntry != null) {
if (verify) {
byte[] b = getBytes(manEntry);
...
and then again in JarFile.initializeVerifier(), when it is being read in this loop:
for (String name : names) {
JarEntry e = getJarEntry(name);
if (e == null) {
throw new JarException("corrupted jar file");
}
if (mev == null) {
mev = new ManifestEntryVerifier
(getManifestFromReference());
}
byte[] b = getBytes(e);
Since the raw bytes were previously stored in the manifestRawBytes field of the Manifest, they could be used above instead of reading them again.
- backported by
-
JDK-8268114 Manifest bytes are read twice when verifying a signed JAR
-
- Resolved
-
