Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8280409: JarFile::getInputStream can fail with NPE accessing ze.getName() #7348

Closed
wants to merge 10 commits into from
+1,104 −33
Closed

8280409: JarFile::getInputStream can fail with NPE accessing ze.getName() #7348

Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
e4488fd
Address Zip/JarFile::getInputStream Exception handling
LanceAndersen Feb 4, 2022
b50ebf0
Update copyright year
LanceAndersen Feb 4, 2022
6c75384
Reduce Exception checking to JarFile::verifiableEntry
LanceAndersen Feb 7, 2022
dbd56d8
Address formatting and message feedback
LanceAndersen Feb 8, 2022
32f6c28
Return a null InputStream when the ZipEntry is not found in the Jar
LanceAndersen Feb 10, 2022
d5cf8db
Return null when ZipEntry::getName is null
LanceAndersen Feb 17, 2022
490c986
Add additional comments describing how the jars are created
LanceAndersen Feb 18, 2022
818c285
remove trailing space
LanceAndersen Feb 18, 2022
839d99f
remove extra '}'
LanceAndersen Feb 18, 2022
e540a3a
Modified and clarified test comments
LanceAndersen Feb 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 46 additions & 30 deletions test/jdk/java/util/zip/ZipFile/GetInputStreamNPETest.java
View file
Original file line number Diff line number Diff line change
@@ -68,8 +68,32 @@ public class GetInputStreamNPETest {
public static final String ZIP_ENTRY_THAT_DOES_NOT_EXIST = "org/gotham/Batcave.class";

/**
* Byte array representing valid jar file prior modifying a filename in the
* CEN
* Byte array representing a valid jar file prior modifying a filename in the
* CEN.
* The "Valid-EntryName.jar" jar file was created via:
* <pre>
* {@code
* jar cvf Valid-EntryName.jar javax/inject/Singleton.class
* added manifest
* adding: javax/inject/Singleton.class(in = 359) (out= 221)(deflated 38%)
* }
* </pre>
* Its contents are:
* <pre>
* {@code
* jar tvf Valid-EntryName.jar
* 0 Wed Jan 26 14:27:26 EST 2022 META-INF/
* 66 Wed Jan 26 14:27:26 EST 2022 META-INF/MANIFEST.MF
* 359 Mon Jan 24 22:11:24 EST 2011 javax/inject/Singleton.class
* }
* </pre>
* The ByteArray was created by:
* <pre>
* {@code
* var jar = Files.readAllBytes("Valid-EntryName.jar");
* var validEntryName = createByteArray(fooJar, "VALID_ENTRY_NAME");
* }
* </pre>
*/
public static byte[] VALID_ENTRY_NAME = {
(byte) 0x50, (byte) 0x4b, (byte) 0x3, (byte) 0x4, (byte) 0x14,
@@ -218,15 +242,22 @@ public class GetInputStreamNPETest {
};

/**
* Byte array representing valid signed jar file prior modifying a filename in the
* CEN
* The jar was signed via:
* Byte array representing a valid signed jar file prior modifying a filename
* in the CEN.
* The "Valid-EntryName.jar" jar file was signed via:
* <pre>
* {@code
* keytool -genkey -keyalg RSA -alias myFirstKey -keystore myKeystore -storepass changeit -keypass changeit
* jarsigner -keystore myKeystore -verbose Valid-EntryName.jar -signedjar signed.jar myFirstKey
* jarsigner -keystore myKeystore -verbose Valid-EntryName.jar -signedjar Signed-Valid-EntryName.jar myFirstKey
* }
* </pre>
* The ByteArray was created by:
* <pre>
* {@code
* var signedJar = Files.readAllBytes("Signed-Valid-EntryName.jar");
* var signedValidEntryName = createByteArray(fooJar, "SIGNED_VALID_ENTRY_NAME");
* }
* </pre>
*/
public static byte[] SIGNED_VALID_ENTRY_NAME = {
(byte) 0x50, (byte) 0x4b, (byte) 0x3, (byte) 0x4, (byte) 0x14,
@@ -751,32 +782,17 @@ public Object[][] inValidJars() {
/**
* Create Jar files used by the tests.
*
* The signed jar was created from the jar {@code Valid-EntryName.jar} via:
* <pre>
* {@code
* keytool -genkey -keyalg RSA -alias myFirstKey -keystore myKeystore -storepass changeit -keypass changeit
* jarsigner -keystore myKeystore -verbose Valid-EntryName.jar -signedjar signed.jar myFirstKey
* }
* </pre>
*
* The {@code Valid-EntryName.jar} and {@code Signed-Valid-EntryName.jar}
* that are written to disk at the start of the test run within
* the {@code setup} method were converted to a {@code ByteArray} using the
* utility method {@code createByteArray} using code similar to:
*
* <pre>
* {@code
* var jar = Files.readAllBytes(VALID_ENTRY_NAME_JAR);
* var validEntryName = createByteArray(fooJar, "VALID_ENTRY_NAME");
* var signedJar = Files.readAllBytes(SIGNED_VALID_ENTRY_NAME_JAR);
* var signedValidEntryName = createByteArray(fooJar, "SIGNED_VALID_ENTRY_NAME");
* }
* </pre>
* The {@code byte} arrays {@code VALID_ENTRY_NAME_JAR} and
* {@code SIGNED-VALID_ENTRY_NAME_JAR} are written to disk to create the jar
* files: {@code Valid-EntryName.jar} and {@code Signed-Valid-EntryName.jar}.
*
* The jar files {@code Invalid-EntryName.jar} and
* {@code Signed-Invalid-EntryName.jar} are created by modifying
* the CEN filename entry changing the value from
* {@code 0x53}, "S", to the value {@code 0x13}
* {@code Signed-Invalid-EntryName.jar} are created by copying the
* {@code byte} arrays {@code VALID_ENTRY_NAME} and
* {@code SIGNED-VALID_ENTRY_NAME} and modifying
* the CEN filename entry, "javax/inject/Singleton.class", changing the
* first character from {@code 0x53}, "S", to the {@code 0x13}.
*
* @throws IOException If an error occurs
*
*/