JDK-8228761

AIOOBE in CertificateFactory.getInstance("X.509").generateCertificate()

      Description

      ADDITIONAL SYSTEM INFORMATION :
      MacOS Mojave

      openjdk version "14-ea" 2020-03-17
      OpenJDK Runtime Environment (build 14-ea+6-171)
      OpenJDK 64-Bit Server VM (build 14-ea+6-171, mixed mode, sharing)

      A DESCRIPTION OF THE PROBLEM :
      CertificateFactory.getInstance("X.509").generateCertificate(input) may return unexpected exceptions when parsing invalid certificates. Exceptions include ArrayIndexOutOfBoundsException and NegativeArraySizeException.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      To reproduce, download the input files from https://drive.google.com/open?id=197uJtvhLpYpuSWqmHBzlHAXrq-oxhnZF, and run the following command for each one, where Repro.java is the class I included below under "Source code for an executable test case":

      cat <input-file> | java Repro.java

      Note that I have a few more unexpected exceptions on java 8 (openjdk version "1.8.0_212") that I did not include since they seemed to be fixed in 14-ea.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      A CertificateException should be raised.
      ACTUAL -
      On ArrayIndexOutOfBoundsException.DerIndefLenConverter.parseTag:
      Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 261 out of bounds for length 261
              at java.base/sun.security.util.DerIndefLenConverter.parseTag(DerIndefLenConverter.java:97)
              at java.base/sun.security.util.DerIndefLenConverter.convertBytes(DerIndefLenConverter.java:335)
              at java.base/sun.security.util.DerInputStream.init(DerInputStream.java:131)
              at java.base/sun.security.util.DerInputStream.<init>(DerInputStream.java:78)
              at java.base/sun.security.rsa.RSAPublicKeyImpl.parseKeyBits(RSAPublicKeyImpl.java:177)
              at java.base/sun.security.x509.X509Key.decode(X509Key.java:390)
              at java.base/sun.security.x509.X509Key.decode(X509Key.java:401)
              at java.base/sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:122)
              at java.base/sun.security.rsa.RSAKeyFactory.generatePublic(RSAKeyFactory.java:330)
              at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:235)
              at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:352)
              at java.base/sun.security.x509.X509Key.buildX509Key(X509Key.java:223)
              at java.base/sun.security.x509.X509Key.parse(X509Key.java:170)
              at java.base/sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
              at java.base/sun.security.x509.X509CertInfo.parse(X509CertInfo.java:674)
              at java.base/sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
              at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1836)
              at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:188)
              at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:105)
              at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
              at Repro.main(Repro.java:5)

      On ArrayIndexOutOfBoundsException.DerInputBuffer.getTime:
      Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 13 out of bounds for length 13
              at java.base/sun.util.calendar.BaseCalendar.getDayOfYear(BaseCalendar.java:348)
              at java.base/sun.util.calendar.BaseCalendar.getFixedDate(BaseCalendar.java:381)
              at java.base/sun.util.calendar.BaseCalendar.getFixedDate(BaseCalendar.java:356)
              at java.base/sun.util.calendar.AbstractCalendar.getTime(AbstractCalendar.java:175)
              at java.base/sun.security.util.DerInputBuffer.getTime(DerInputBuffer.java:403)
              at java.base/sun.security.util.DerInputBuffer.getUTCTime(DerInputBuffer.java:265)
              at java.base/sun.security.util.DerInputStream.getUTCTime(DerInputStream.java:534)
              at java.base/sun.security.x509.CertificateValidity.construct(CertificateValidity.java:94)
              at java.base/sun.security.x509.CertificateValidity.<init>(CertificateValidity.java:128)
              at java.base/sun.security.x509.X509CertInfo.parse(X509CertInfo.java:663)
              at java.base/sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
              at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1836)
              at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:188)
              at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:105)
              at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
              at Repro.main(Repro.java:5)


      ---------- BEGIN SOURCE ----------
      import java.security.cert.CertificateFactory;

      class Repro {
          public static void main(String[] args) throws Exception {
              CertificateFactory.getInstance("X.509").generateCertificate(System.in);
          }
      }
      ---------- END SOURCE ----------

      FREQUENCY : always
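
A defensive wrapper for callers affected by the behaviour reported above, as an added example that is not part of the original report or of the JDK: it bounds the input and converts any unchecked exception from the parser into CertificateException. The class name SafeCertParser, the MAX_CERT_BYTES limit and the sample bytes are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class SafeCertParser {
    // Assumed upper bound for one encoded certificate; tune for your deployment.
    static final int MAX_CERT_BYTES = 64 * 1024;

    /** Parses one X.509 certificate; every failure surfaces as CertificateException. */
    static X509Certificate parse(InputStream in) throws CertificateException {
        byte[] encoded;
        try {
            encoded = in.readNBytes(MAX_CERT_BYTES + 1); // requires Java 11+
        } catch (IOException e) {
            throw new CertificateException("could not read certificate input", e);
        }
        if (encoded.length > MAX_CERT_BYTES) {
            throw new CertificateException("input exceeds " + MAX_CERT_BYTES + " bytes");
        }
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (RuntimeException e) {
            // Covers ArrayIndexOutOfBoundsException and NegativeArraySizeException
            // escaping the DER parser, as described in this report.
            throw new CertificateException("malformed certificate: " + e, e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not the reporter's files.
        byte[][] samples = {
            {},                                  // empty input
            {0x30, (byte) 0x82, 0x01, 0x00},     // SEQUENCE header with no body
            "not a certificate".getBytes()
        };
        for (byte[] s : samples) {
            try {
                parse(new ByteArrayInputStream(s));
                System.out.println("parsed");
            } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

With this wrapper, code that handles untrusted certificates needs a single `catch (CertificateException e)` path, regardless of which internal parser class rejects the input.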


            People

            • Assignee: psonal Pallavi Sonal (Inactive)
            • Reporter: webbuggrp Webbug Group