From 20b2f854c442cfc85ed78ab3ec3cf1591b35eb3e Mon Sep 17 00:00:00 2001
From: Emmanuel Bourg
Date: Fri, 13 Oct 2023 09:39:11 +0200
Subject: [PATCH] Catch the StackOverflowError triggered by malformed PKCS#7 signatures
---
 jsign-core/src/main/java/net/jsign/appx/APPXFile.java | 2 +-
 jsign-core/src/main/java/net/jsign/cat/CatalogFile.java | 2 +-
 jsign-core/src/main/java/net/jsign/mscab/MSCabinetFile.java | 2 +-
 jsign-core/src/main/java/net/jsign/msi/MSIFile.java | 2 +-
 jsign-core/src/main/java/net/jsign/navx/NAVXFile.java | 2 +-
 .../src/main/java/net/jsign/navx/NAVXSignatureBlock.java | 2 +-
 .../src/main/java/net/jsign/pe/CertificateTableEntry.java | 2 +-
 jsign-core/src/main/java/net/jsign/pe/PEFile.java | 2 +-
 jsign-core/src/main/java/net/jsign/script/SignableScript.java | 4 ++--
 9 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/jsign-core/src/main/java/net/jsign/appx/APPXFile.java b/jsign-core/src/main/java/net/jsign/appx/APPXFile.java
index b6347b71..ea2e0756 100644
--- a/jsign-core/src/main/java/net/jsign/appx/APPXFile.java
+++ b/jsign-core/src/main/java/net/jsign/appx/APPXFile.java
@@ -201,7 +201,7 @@ public List getSignatures() throws IOException {
 }
 } catch (UnsupportedOperationException e) {
 // unsupported type, just skip
- } catch (Exception e) {
+ } catch (Exception | StackOverflowError e) {
 e.printStackTrace();
 }
 }
diff --git a/jsign-core/src/main/java/net/jsign/cat/CatalogFile.java b/jsign-core/src/main/java/net/jsign/cat/CatalogFile.java
index caca1b7a..8a44d4d0 100644
--- a/jsign-core/src/main/java/net/jsign/cat/CatalogFile.java
+++ b/jsign-core/src/main/java/net/jsign/cat/CatalogFile.java
@@ -143,7 +143,7 @@ public List getSignatures() throws IOException {
 }
 }
 }
- } catch (CMSException e) {
+ } catch (CMSException | StackOverflowError e) {
 throw new IOException(e);
 }
diff --git a/jsign-core/src/main/java/net/jsign/mscab/MSCabinetFile.java b/jsign-core/src/main/java/net/jsign/mscab/MSCabinetFile.java
index 4452840e..2b555a15 100644
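Review bot: In APPXFile.getSignatures the widened handler still runs `e.printStackTrace()`, and for a StackOverflowError that trace is up to 1024 frames of parser recursion by default on HotSpot, written to stderr once per malformed signature. From the visible lines the method then appears to carry on as if the signature were absent, so a caller cannot tell an unsigned file from one whose PKCS#7 blob could not be parsed. A separate branch such as `} catch (StackOverflowError e) { System.err.println("Skipping malformed PKCS#7 signature: " + e); }` keeps the output short; whether callers should instead see an error is worth deciding, since the method starts and ends outside the hunk. The same handler is added in the MSIFile, NAVXFile, PEFile and SignableScript getSignatures hunks.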
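Review bot: In CatalogFile.getSignatures, `throw new IOException(e)` now also wraps a StackOverflowError, and the single-argument constructor takes its message from the cause, so callers see only `java.lang.StackOverflowError` with no hint that the signature data was at fault. NAVXSignatureBlock.read in this same patch states the context explicitly; matching it here with `throw new IOException("Invalid CMS signature", e);` makes the failure readable in logs and in any alerting built on them. The MSCabinetFile hunk has the same one-argument wrap. The enclosing try block starts outside the hunk.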
--- a/jsign-core/src/main/java/net/jsign/mscab/MSCabinetFile.java
+++ b/jsign-core/src/main/java/net/jsign/mscab/MSCabinetFile.java
@@ -218,7 +218,7 @@ public synchronized List getSignatures() throws IOException {
 }
 }
 }
- } catch (CMSException | IllegalArgumentException | IllegalStateException | NoSuchElementException | ClassCastException e) {
+ } catch (CMSException | IllegalArgumentException | IllegalStateException | NoSuchElementException | ClassCastException | StackOverflowError e) {
 throw new IOException(e);
 }
 return signatures;
diff --git a/jsign-core/src/main/java/net/jsign/msi/MSIFile.java b/jsign-core/src/main/java/net/jsign/msi/MSIFile.java
index f823529a..d1477861 100644
--- a/jsign-core/src/main/java/net/jsign/msi/MSIFile.java
+++ b/jsign-core/src/main/java/net/jsign/msi/MSIFile.java
@@ -264,7 +264,7 @@ public List getSignatures() throws IOException {
 }
 } catch (UnsupportedOperationException e) {
 // unsupported type, just skip
- } catch (Exception e) {
+ } catch (Exception | StackOverflowError e) {
 e.printStackTrace();
 }
 }
diff --git a/jsign-core/src/main/java/net/jsign/navx/NAVXFile.java b/jsign-core/src/main/java/net/jsign/navx/NAVXFile.java
index e69d398c..fd0dbcaf 100644
--- a/jsign-core/src/main/java/net/jsign/navx/NAVXFile.java
+++ b/jsign-core/src/main/java/net/jsign/navx/NAVXFile.java
@@ -162,7 +162,7 @@ public List getSignatures() throws IOException {
 }
 } catch (UnsupportedOperationException e) {
 // unsupported type, just skip
- } catch (Exception e) {
+ } catch (Exception | StackOverflowError e) {
 e.printStackTrace();
 }
diff --git a/jsign-core/src/main/java/net/jsign/navx/NAVXSignatureBlock.java b/jsign-core/src/main/java/net/jsign/navx/NAVXSignatureBlock.java
index 712cc008..e2b04d23 100644
--- a/jsign-core/src/main/java/net/jsign/navx/NAVXSignatureBlock.java
+++ b/jsign-core/src/main/java/net/jsign/navx/NAVXSignatureBlock.java
@@ -67,7 +67,7 @@ public void read(SeekableByteChannel channel) throws IOException {
 buffer.get(signatureBytes);
 try {
 signedData = new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(new ASN1InputStream(signatureBytes).readObject()));
- } catch (CMSException e) {
+ } catch (CMSException | StackOverflowError e) {
 throw new IOException("Invalid CMS signature", e);
 }
 }
diff --git a/jsign-core/src/main/java/net/jsign/pe/CertificateTableEntry.java b/jsign-core/src/main/java/net/jsign/pe/CertificateTableEntry.java
index 0891c0d3..cedf1372 100644
--- a/jsign-core/src/main/java/net/jsign/pe/CertificateTableEntry.java
+++ b/jsign-core/src/main/java/net/jsign/pe/CertificateTableEntry.java
@@ -71,7 +71,7 @@ public CMSSignedData getSignature() throws CMSException {
 if (signature == null) {
 try {
 signature = new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(new ASN1InputStream(content).readObject()));
- } catch (IOException e) {
+ } catch (IOException | StackOverflowError e) {
 throw new IllegalArgumentException("Failed to construct ContentInfo from byte[]: ", e);
 }
 }
diff --git a/jsign-core/src/main/java/net/jsign/pe/PEFile.java b/jsign-core/src/main/java/net/jsign/pe/PEFile.java
index c899f01c..dca9b46c 100644
--- a/jsign-core/src/main/java/net/jsign/pe/PEFile.java
+++ b/jsign-core/src/main/java/net/jsign/pe/PEFile.java
@@ -732,7 +732,7 @@ public synchronized List getSignatures() {
 }
 } catch (UnsupportedOperationException e) {
 // unsupported type, just skip
- } catch (Exception e) {
+ } catch (Exception | StackOverflowError e) {
 e.printStackTrace();
 }
 }
diff --git a/jsign-core/src/main/java/net/jsign/script/SignableScript.java b/jsign-core/src/main/java/net/jsign/script/SignableScript.java
index 1fbb21aa..88ff3121 100644
--- a/jsign-core/src/main/java/net/jsign/script/SignableScript.java
+++ b/jsign-core/src/main/java/net/jsign/script/SignableScript.java
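Review bot: Nothing at the catch in NAVXSignatureBlock.read says why an Error is being caught, and the same is true of the two other sites that guard the identical `new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(new ASN1InputStream(...).readObject()))` parse: CertificateTableEntry.getSignature and SignableScript.decodeSignatureBlock. Catching StackOverflowError is unusual enough that a later cleanup may remove it; a comment such as `// a malformed signature with deeply nested ASN.1 overflows the stack in the parser` at each site, or one private helper holding both the parse and the catch, would keep the reason next to the code. The three sites also disagree on what they throw for the same malformed input (IOException here, unchecked IllegalArgumentException in the other two), which a shared helper would make visible to callers.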
@@ -197,7 +197,7 @@ public List getSignatures() {
 }
 } catch (UnsupportedOperationException e) {
 // unsupported type, just skip
- } catch (Exception e) {
+ } catch (Exception | StackOverflowError e) {
 e.printStackTrace();
 }
@@ -232,7 +232,7 @@ private CMSSignedData decodeSignatureBlock() throws CMSException {
 try {
 return new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(new ASN1InputStream(signatureBytes).readObject()));
- } catch (IOException e) {
+ } catch (IOException | StackOverflowError e) {
 throw new IllegalArgumentException("Failed to construct ContentInfo from byte[]: ", e);
 }
 }
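Review bot: No test source appears in the diffstat, so none of the widened catch sites, including SignableScript.decodeSignatureBlock here, is exercised against a malformed signature in this commit. A regression test that loads a file with an over-nested PKCS#7 blob and asserts the documented outcome (an IOException, an IllegalArgumentException, or a skipped signature, depending on the class) would guard against a later refactor moving the parse outside the try. The tests may live in a separate commit; if they do not, they are worth adding alongside this change.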