@@ -104,6 +104,9 @@ public static KeyPair readPrivateKey(final Type type, final PrivateKeyInfo keyIn
104104 switch (type ) {
105105 case RSA :
106106 seq = (ASN1Sequence ) keyInfo .parsePrivateKey ();
107+ if (seq .size () < 9 ) {
108+ throw new IOException ("malformed RSA private key (expected 9 elements, got " + seq .size () + ")" );
109+ }
107110 ASN1Integer mod = (ASN1Integer ) seq .getObjectAt (1 );
108111 ASN1Integer pubExp = (ASN1Integer ) seq .getObjectAt (2 );
109112 ASN1Integer privExp = (ASN1Integer ) seq .getObjectAt (3 );
@@ -133,6 +136,9 @@ public static KeyPair readPrivateKey(final Type type, final PrivateKeyInfo keyIn
133136 } else {
134137 // Traditional "DSA PRIVATE KEY" format: SEQUENCE { version, p, q, g, y, x }
135138 seq = (ASN1Sequence ) parsedDSAKey ;
139+ if (seq .size () < 6 ) {
140+ throw new IOException ("malformed DSA private key (expected 6 elements, got " + seq .size () + ")" );
141+ }
136142 ASN1Integer p = (ASN1Integer ) seq .getObjectAt (1 );
137143 ASN1Integer q = (ASN1Integer ) seq .getObjectAt (2 );
138144 ASN1Integer g = (ASN1Integer ) seq .getObjectAt (3 );
@@ -273,7 +279,11 @@ public static PublicKey readDSAPublicKey(final KeyFactory dsaFactory, final byte
273279 // d2i_DHparams_bio
274280 public static DHParameterSpec readDHParameter (final byte [] input ) throws IOException {
275281 ASN1InputStream aIn = new ASN1InputStream (input );
276- ASN1Sequence seq = (ASN1Sequence ) aIn .readObject ();
282+ ASN1Primitive obj = aIn .readObject ();
283+ if (!(obj instanceof ASN1Sequence ) || ((ASN1Sequence ) obj ).size () < 2 ) {
284+ throw new IOException ("malformed DH parameters (expected sequence with at least 2 elements)" );
285+ }
286+ ASN1Sequence seq = (ASN1Sequence ) obj ;
277287 BigInteger p = ((ASN1Integer ) seq .getObjectAt (0 )).getValue ();
278288 BigInteger g = ((ASN1Integer ) seq .getObjectAt (1 )).getValue ();
279289 return new DHParameterSpec (p , g );
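Review bot: The `(ASN1Integer)` casts that follow each new size check are still unchecked, so a sequence of the right length whose elements are not INTEGERs raises ClassCastException rather than the IOException this change introduces for malformed input; this applies to `seq.getObjectAt(0)` and `seq.getObjectAt(1)` in readDHParameter and equally to the RSA and DSA branches of readPrivateKey. In the RSA branch the `(ASN1Sequence) keyInfo.parsePrivateKey()` cast also runs before the size check, without the `instanceof` guard the DH path now has. For DH, a guard such as `if (!(seq.getObjectAt(0) instanceof ASN1Integer) || !(seq.getObjectAt(1) instanceof ASN1Integer)) throw new IOException("malformed DH parameters (expected INTEGER p and g)");` would keep the failure mode uniform; callers that catch only IOException while parsing untrusted key material presumably would not handle the runtime exception. Both function bodies extend beyond the visible hunks, so element accesses further down could not be checked here.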