Catch the StackOverflowError triggered by malformed PKCS#7 signatures

ebourg · Oct 13, 2023 · 20b2f85 · 20b2f85
1 parent 87ceabf
commit 20b2f85
Show file tree

Hide file tree

Showing 9 changed files with 10 additions and 10 deletions.
diff --git a/jsign-core/src/main/java/net/jsign/appx/APPXFile.java b/jsign-core/src/main/java/net/jsign/appx/APPXFile.java
@@ -201,7 +201,7 @@ public List<CMSSignedData> getSignatures() throws IOException {
                 }
             } catch (UnsupportedOperationException e) {
                 // unsupported type, just skip
-            } catch (Exception e) {
+            } catch (Exception | StackOverflowError e) {
                 e.printStackTrace();
             }
         }

diff --git a/jsign-core/src/main/java/net/jsign/cat/CatalogFile.java b/jsign-core/src/main/java/net/jsign/cat/CatalogFile.java
@@ -143,7 +143,7 @@ public List<CMSSignedData> getSignatures() throws IOException {
                     }
                 }
             }
-        } catch (CMSException e) {
+        } catch (CMSException | StackOverflowError e) {
             throw new IOException(e);
         }
 

diff --git a/jsign-core/src/main/java/net/jsign/mscab/MSCabinetFile.java b/jsign-core/src/main/java/net/jsign/mscab/MSCabinetFile.java
@@ -218,7 +218,7 @@ public synchronized List<CMSSignedData> getSignatures() throws IOException {
                     }
                 }
             }
-        } catch (CMSException | IllegalArgumentException | IllegalStateException | NoSuchElementException | ClassCastException e) {
+        } catch (CMSException | IllegalArgumentException | IllegalStateException | NoSuchElementException | ClassCastException | StackOverflowError e) {
             throw new IOException(e);
         }
         return signatures;

diff --git a/jsign-core/src/main/java/net/jsign/msi/MSIFile.java b/jsign-core/src/main/java/net/jsign/msi/MSIFile.java
@@ -264,7 +264,7 @@ public List<CMSSignedData> getSignatures() throws IOException {
                     }
                 } catch (UnsupportedOperationException e) {
                     // unsupported type, just skip
-                } catch (Exception e) {
+                } catch (Exception | StackOverflowError e) {
                     e.printStackTrace();
                 }
             }

diff --git a/jsign-core/src/main/java/net/jsign/navx/NAVXFile.java b/jsign-core/src/main/java/net/jsign/navx/NAVXFile.java
@@ -162,7 +162,7 @@ public List<CMSSignedData> getSignatures() throws IOException {
             }
         } catch (UnsupportedOperationException e) {
             // unsupported type, just skip
-        } catch (Exception e) {
+        } catch (Exception | StackOverflowError e) {
             e.printStackTrace();
         }
 

diff --git a/jsign-core/src/main/java/net/jsign/navx/NAVXSignatureBlock.java b/jsign-core/src/main/java/net/jsign/navx/NAVXSignatureBlock.java
@@ -67,7 +67,7 @@ public void read(SeekableByteChannel channel) throws IOException {
         buffer.get(signatureBytes);
         try {
             signedData = new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(new ASN1InputStream(signatureBytes).readObject()));
-        } catch (CMSException e) {
+        } catch (CMSException | StackOverflowError e) {
             throw new IOException("Invalid CMS signature", e);
         }
     }

diff --git a/jsign-core/src/main/java/net/jsign/pe/CertificateTableEntry.java b/jsign-core/src/main/java/net/jsign/pe/CertificateTableEntry.java
@@ -71,7 +71,7 @@ public CMSSignedData getSignature() throws CMSException {
         if (signature == null) {
             try {
                 signature = new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(new ASN1InputStream(content).readObject()));
-            } catch (IOException e) {
+            } catch (IOException | StackOverflowError e) {
                 throw new IllegalArgumentException("Failed to construct ContentInfo from byte[]: ", e);
             }
         }

diff --git a/jsign-core/src/main/java/net/jsign/pe/PEFile.java b/jsign-core/src/main/java/net/jsign/pe/PEFile.java
@@ -732,7 +732,7 @@ public synchronized List<CMSSignedData> getSignatures() {
                 }
             } catch (UnsupportedOperationException e) {
                 // unsupported type, just skip
-            } catch (Exception e) {
+            } catch (Exception | StackOverflowError e) {
                 e.printStackTrace();
             }
         }

diff --git a/jsign-core/src/main/java/net/jsign/script/SignableScript.java b/jsign-core/src/main/java/net/jsign/script/SignableScript.java
@@ -197,7 +197,7 @@ public List<CMSSignedData> getSignatures() {
             }
         } catch (UnsupportedOperationException e) {
             // unsupported type, just skip
-        } catch (Exception e) {
+        } catch (Exception | StackOverflowError e) {
             e.printStackTrace();
         }
 
@@ -232,7 +232,7 @@ private CMSSignedData decodeSignatureBlock() throws CMSException {
 
         try {
             return new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(new ASN1InputStream(signatureBytes).readObject()));
-        } catch (IOException e) {
+        } catch (IOException | StackOverflowError e) {
             throw new IllegalArgumentException("Failed to construct ContentInfo from byte[]: ", e);
         }
     }