RF: jarsigner breaks old signature with long lines in manifest

Weijun Wang weijun.wang at oracle.com
Sun Jun 16 10:03:55 UTC 2019 

Hi Philipp,

I've read all the src/ files.

ManifestDigester.java:

 140         if (!findSection(0, pos)) throw new IllegalStateException(
 141             "ManifestDigester failed to create " + MF_MAIN_ATTRS + " entry");

This is a behavior change, although it might be the correct choice. I think you will at least need a CSR to publicly discuss about it.

If the manifest has something but not ends with new line, is it possible to read them?

If the manifest is just empty, is it possible to create an Entry with no Section?

JarSigner.java:

 696             mfCreated = true;

Unnecessary anymore.

 723                 String zeNameUp = ze.getName().toUpperCase(Locale.ENGLISH);
 724                 if (SignatureFileVerifier.isBlockOrSF(zeNameUp)) {
 725                     if (!zeNameUp.startsWith(SignatureFile
 726                             .getBaseSignatureFilesName(signerName))) {
 727                         wasSigned = true;
 728                     }
 729                 }

You added a new check. Do you mean if the signer is the same then the SF will be rewritten anyway and there is no need to retain old MANIFEST.MF bytes?

 900                 if (ze.getName().startsWith(SignatureFile
 901                         .getBaseSignatureFilesName(signerName))) {
 902                     if (handler != null) {
 903                         handler.accept("updating", ze.getName());
 904                     }
 905                     continue;
 906                 }

It looks you are dealing with a use case that a file was signed with alias=A having an RSA key, and now you re-sign it with alias=A this time having an EC key, and you want to drop the A.EC file. Right?  What if there is a file A.XYZ there? Can we add an additional check isBlockOrSF(ze.getName())? I admit no one is likely to store an A.XYZ there.

I'll read the tests.

Thanks,
Max

> On Jun 11, 2019, at 3:08 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
> 
> Hi Philipp,
> 
> I'll start reviewing this code change. Since this is a P3 bug fix, we still have a month's time (before RDP 2 starts on 7/18) to work on it.
> 
> Also, I've included John as a reviewer. He is the author of the Compatibility.java test.
> 
> Thanks,
> Max
> 
>> On May 23, 2019, at 9:49 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>> 
>> Hi Philipp,
>> 
>> I've just uploaded your patch to
>> 
>> http://cr.openjdk.java.net/~weijun/8217375/webrev.01/
>

More information about the security-dev mailing list