VerifyRangeCheckOverflow.java revision 6264:a68090f0dc1a
1178825Sdfr/* 2233294Sstas * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. 3233294Sstas * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4233294Sstas * 5178825Sdfr * This code is free software; you can redistribute it and/or modify it 6233294Sstas * under the terms of the GNU General Public License version 2 only, as 7233294Sstas * published by the Free Software Foundation. 8233294Sstas * 9178825Sdfr * This code is distributed in the hope that it will be useful, but WITHOUT 10233294Sstas * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11233294Sstas * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12178825Sdfr * version 2 for more details (a copy is included in the LICENSE file that 13233294Sstas * accompanied this code). 14233294Sstas * 15233294Sstas * You should have received a copy of the GNU General Public License version 16178825Sdfr * 2 along with this work; if not, write to the Free Software Foundation, 17233294Sstas * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18233294Sstas * 19233294Sstas * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20178825Sdfr * or visit www.oracle.com if you need additional information or have any 21233294Sstas * questions. 22233294Sstas */ 23233294Sstas 24233294Sstas/* 25233294Sstas * Portions Copyright (c) 2012 IBM Corporation 26233294Sstas */ 27233294Sstas 28233294Sstas/* @test 29233294Sstas * @bug 7172149 30233294Sstas * @summary AIOOBE from Signature.verify after integer overflow 31233294Sstas * @author Jonathan Lu 32178825Sdfr */ 33178825Sdfr 34178825Sdfrimport java.security.KeyPair; 35178825Sdfrimport java.security.KeyPairGenerator; 36178825Sdfrimport java.security.PublicKey; 37178825Sdfrimport java.security.Signature; 38178825Sdfr 39178825Sdfrpublic class VerifyRangeCheckOverflow { 40178825Sdfr 41178825Sdfr public static void main(String[] args) throws Exception { 42178825Sdfr KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA"); 43178825Sdfr keyPairGenerator.initialize(1024); 44178825Sdfr KeyPair keys = keyPairGenerator.generateKeyPair(); 45178825Sdfr PublicKey publicKey = keys.getPublic(); 46233294Sstas byte[] sigBytes = new byte[100]; 47178825Sdfr 48178825Sdfr Signature signature = Signature.getInstance("SHA1withDSA"); 49178825Sdfr signature.initVerify(publicKey); 50178825Sdfr try { 51178825Sdfr signature.verify(sigBytes, Integer.MAX_VALUE, 1); 52178825Sdfr } catch (IllegalArgumentException ex) { 53233294Sstas // Expected 54178825Sdfr } 55178825Sdfr } 56178825Sdfr} 57178825Sdfr