mirrors/JetBrainsRuntime
1
0
Fork 0
mirror of https://github.com/JetBrains/JetBrainsRuntime.git synced 2025-12-06 09:29:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

8296400: pointCrlIssuers might be null in DistributionPointFetcher::verifyURL

Browse Source 
Reviewed-by: weijun
(cherry picked from commit de9f3b6aac)
This commit is contained in:
Matthew Donovan
2023-03-10 14:10:41 +00:00
committed by Vitaly Provodin
parent e8e98f57e6
commit 73d03c4675
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
View File

@@ -430,7 +430,7 @@ public class DistributionPointFetcher {
debug.println("DP relativeName:" + relativeName);
}
if (indirectCRL) {
if (pointCrlIssuers.size() != 1) {
if (pointCrlIssuers == null || pointCrlIssuers.size() != 1) {
// RFC 5280: there must be only 1 CRL issuer
// name when relativeName is present
if (debug != null) {
@@ -439,6 +439,9 @@ public class DistributionPointFetcher {
}
return false;
}
// if pointCrlIssuers is not null, pointCrlIssuer
// will also be non-null or the code would have
// returned before now
pointNames = getFullNames
(pointCrlIssuer, relativeName);
} else {
@@ -475,6 +478,9 @@ public class DistributionPointFetcher {
// verify that one of the names in the IDP matches one of
// the names in the cRLIssuer of the cert's DP
boolean match = false;
// the DP's fullName and relativeName fields are null
// which means pointCrlIssuers is non-null; the three
// cannot all be missing from a certificate.
for (Iterator<GeneralName> t = pointCrlIssuers.iterator();
!match && t.hasNext(); ) {
GeneralNameInterface crlIssuerName = t.next().getName();