Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8253299

Manifest bytes are read twice when verifying a signed JAR

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 16
    • Component/s: security-libs
    • Labels:

      Description

      When verifying a signed JAR, the bytes of the Manifest are read twice:

      - In JarFile.getManifestFromReference():

                  JarEntry manEntry = getManEntry();

                  // If found then load the manifest
                  if (manEntry != null) {
                      if (verify) {
                          byte[] b = getBytes(manEntry);
                         ...

      and then again in JarFile.initializeVerifier(), when it is being read in this loop:

                  for (String name : names) {
                      JarEntry e = getJarEntry(name);
                      if (e == null) {
                          throw new JarException("corrupted jar file");
                      }
                      if (mev == null) {
                          mev = new ManifestEntryVerifier
                              (getManifestFromReference());
                      }
                      byte[] b = getBytes(e);

      Since the raw bytes were previously stored in the manifestRawBytes field of the Manifest, they could be used above instead of reading them again.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hchao Haimay Chao
              Reporter:
              mullan Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: