1 files changed, 55 insertions, 0 deletions

diff --git a/java/openjdk6/files/icedtea/openjdk/8021290-signature_validation.patch b/java/openjdk6/files/icedtea/openjdk/8021290-signature_validation.patch
new file mode 100644
index 000000000000..1cb588fecc68
--- /dev/null
+++ b/java/openjdk6/files/icedtea/openjdk/8021290-signature_validation.patch
@@ -0,0 +1,55 @@
+# HG changeset patch
+# User mullan
+# Date 1375219222 14400
+#      Tue Jul 30 17:20:22 2013 -0400
+# Node ID 3e758b40337ef9da5ad030d0ac60ab4407357277
+# Parent  5e3c766d18092d498d9019827c1058a32f1c4e2a
+8021290: Better signature validation
+Reviewed-by: xuelei, ahgross
+
+diff -r 5e3c766d1809 -r 3e758b40337e src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java
+--- jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java	Fri Oct 15 10:55:59 2010 -0400
++++ jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java	Tue Jul 30 17:20:22 2013 -0400
+@@ -44,6 +44,9 @@
+     }
+ 
+     public void write(byte[] arg0) {
++        if ((Integer.MAX_VALUE - pos) < arg0.length) {
++            throw new OutOfMemoryError();
++        }
+         int newPos = pos + arg0.length;
+         if (newPos > size) {
+             expandSize(newPos);
+@@ -53,6 +56,9 @@
+     }
+ 
+     public void write(byte[] arg0, int arg1, int arg2) {
++        if ((Integer.MAX_VALUE - pos) < arg2) {
++            throw new OutOfMemoryError();
++        }
+         int newPos = pos + arg2;
+         if (newPos > size) {
+             expandSize(newPos);
+@@ -62,6 +68,9 @@
+     }
+ 
+     public void write(int arg0) {
++        if ((Integer.MAX_VALUE - pos) == 0) {
++            throw new OutOfMemoryError();
++        }
+         int newPos = pos + 1;
+         if (newPos > size) {
+             expandSize(newPos);
+@@ -82,7 +91,11 @@
+     private void expandSize(int newPos) {
+         int newSize = size;
+         while (newPos > newSize) {
+-            newSize = newSize<<2;
++            newSize = newSize << 1;
++            // Deal with overflow
++            if (newSize < 0) {
++                newSize = Integer.MAX_VALUE;
++            }
+         }
+         byte newBuf[] = new byte[newSize];
+         System.arraycopy(buf, 0, newBuf, 0, pos);