commons-issues mailing list archives

From "floyd (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COMPRESS-447) ArrayIndexOutOfBoundsException in ZipFile
Date Tue, 17 Apr 2018 13:59:00 GMT

    [ https://issues.apache.org/jira/browse/COMPRESS-447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16440884#comment-16440884 ]

floyd commented on COMPRESS-447:
--------------------------------

In the end it probably doesn't matter that much (from my security point of view), because
when you parse an invalid zip file then that will fail anyway at some point and has to be communicated
to the original caller. Honestly, I think I'm not the right person to answer that, but an
explicit bounds check in X7875_NewUnix sounds like a sane choice.

> ArrayIndexOutOfBoundsException in ZipFile
> -----------------------------------------
>
>                 Key: COMPRESS-447
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-447
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Archivers
>            Reporter: floyd
>            Priority: Major
>         Attachments: 7_uncaught_ArrayIndexOutOfBoundsException_1.zip, 7_uncaught_ArrayIndexOutOfBoundsException_2.zip
>
>
> As part of a fuzzing run for a larger software that uses Apache Commons Compress ZipFile
> with the AFL-based Kelinci fuzzer found at https://github.com/isstac/kelinci I found the following
> ArrayIndexOutOfBoundsException issues:
> {code:java}
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
>     at java.lang.System.arraycopy(Native Method)
>     at org.apache.commons.compress.archivers.zip.X7875_NewUnix.parseFromLocalFileData(X7875_NewUnix.java:224)
>     at org.apache.commons.compress.archivers.zip.ExtraFieldUtils.parse(ExtraFieldUtils.java:179)
>     at org.apache.commons.compress.archivers.zip.ZipArchiveEntry.setExtra(ZipArchiveEntry.java:571)
>     at org.apache.commons.compress.archivers.zip.ZipFile.resolveLocalFileHeaderData(ZipFile.java:1042)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:291)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:213)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:196)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:157){code}
> The issue can be reproduced with the attached files.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
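
The explicit bounds check suggested in the comment above, sketched as an added example; it is not code from the original message or from Commons Compress. It assumes the Info-ZIP 0x7875 payload layout (version, UIDSize, UID, GIDSize, GID), uses the hypothetical class name `NewUnixFieldSketch`, and chooses to report a truncated field as a checked `ZipException` rather than letting `System.arraycopy` throw.

```java
import java.math.BigInteger;
import java.util.zip.ZipException;

// Added example: hypothetical stand-alone parser, not the project's X7875_NewUnix.
public class NewUnixFieldSketch {
    BigInteger uid, gid;

    // Payload: version(1) | uidSize(1) | uid(uidSize, LE) | gidSize(1) | gid(gidSize, LE)
    static NewUnixFieldSketch parse(byte[] data, int offset, int length) throws ZipException {
        if (offset < 0 || length < 0 || offset > data.length - length) {
            throw new ZipException("extra field window lies outside the buffer");
        }
        int pos = offset, end = offset + length;
        if (end - pos < 2) {
            throw new ZipException("0x7875 field too short for version and UIDSize");
        }
        pos++; // version byte, not interpreted in this sketch
        int uidSize = data[pos++] & 0xFF;
        if (uidSize > end - pos - 1) { // UID bytes plus the GIDSize byte must fit
            throw new ZipException("UIDSize " + uidSize + " exceeds remaining " + (end - pos));
        }
        NewUnixFieldSketch f = new NewUnixFieldSketch();
        f.uid = littleEndian(data, pos, uidSize);
        pos += uidSize;
        int gidSize = data[pos++] & 0xFF;
        if (gidSize > end - pos) { // length taken from the file is checked before any copy
            throw new ZipException("GIDSize " + gidSize + " exceeds remaining " + (end - pos));
        }
        f.gid = littleEndian(data, pos, gidSize);
        return f;
    }

    // Reverses size bytes starting at from into an unsigned big-endian magnitude.
    static BigInteger littleEndian(byte[] src, int from, int size) {
        byte[] be = new byte[size];
        for (int i = 0; i < size; i++) be[i] = src[from + size - 1 - i];
        return new BigInteger(1, be);
    }

    public static void main(String[] args) throws Exception {
        byte[] ok = {1, 4, (byte) 0xE8, 3, 0, 0, 4, (byte) 0xE8, 3, 0, 0}; // constructed sample
        NewUnixFieldSketch f = parse(ok, 0, ok.length);
        System.out.println("uid=" + f.uid + " gid=" + f.gid);
        byte[] bad = {1, 8, 0, 0, 4}; // constructed: UIDSize claims more bytes than present
        try {
            parse(bad, 0, bad.length);
        } catch (ZipException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because `ZipException` is an `IOException`, callers that already handle I/O failures while opening an archive also cover the malformed field, which matches the comment's point that the failure has to reach the original caller.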
