From addad0cec94d2535a435de50a6d1bb066fa90b33 Mon Sep 17 00:00:00 2001
From: Adrian
Date: Tue, 2 Oct 2018 14:07:09 -0700
Subject: [PATCH] Sanity check: the signing service returned the same number of files as the List files parameter. See pull request for a check on the file names too.
---
 java/org/apache/tomcat/buildutil/SignCode.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/buildutil/SignCode.java b/java/org/apache/tomcat/buildutil/SignCode.java
index bde6bcd7fccc..851ebbee19fe 100644
--- a/java/org/apache/tomcat/buildutil/SignCode.java
+++ b/java/org/apache/tomcat/buildutil/SignCode.java
@@ -397,7 +397,9 @@ private static void extractFilesFromApplicationString(String data, List fi
 byte[] buf = new byte[32 * 1024];
 for (int i = 0; i < files.size(); i ++) {
 try (FileOutputStream fos = new FileOutputStream(files.get(i))) {
- zis.getNextEntry();
+ if (zis.getNextEntry() == null) {
+ throw new BuildException("Signing failed. Malformed service reply.");
+ }
 int numRead;
 while ( (numRead = zis.read(buf)) >= 0) {
 fos.write(buf, 0 , numRead);
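Review bot: The added null check in the `for` loop rejects only a reply with too few entries; a reply carrying more entries than `files.size()` still passes, so the "same number of files" property named in the subject is enforced in one direction only. The end of the loop and of `extractFilesFromApplicationString` is outside this hunk, so this is inferred, but unless later code already does it, `if (zis.getNextEntry() != null) { throw new BuildException("Signing failed. Malformed service reply."); }` after the loop would close that gap. Separately, the `FileOutputStream` is opened before `getNextEntry()` is tested, so on a short reply the target file has already been truncated when the `BuildException` is thrown. Calling `zis.getNextEntry()` ahead of the try-with-resources line would leave the unsigned file intact on failure.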