cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject String index out of range at org.apache.cxf.helpers.HttpHeaderHelper (findCharset)
Date Fri, 22 Apr 2016 07:33:22 GMT
Hello all,


While pentesting one of our servers, I came across a "String index out of
range: -1" exception in method findCharset() at

I have checked the code in latest version apache-cxf-3.1.6  and the problem
is still there:


93            if (charset.charAt(0) == '\"') {

94                charset = charset.substring(1, charset.length() - 1);

95           }


Previous line check on charset length does not return null as charset
variable still contains the quote.

Then, the next substring operation assumes that if charset starts with
double quote, the length of the string is greater than one, so 'invalid'
input like:


Content-Type: application/x-www-form-urlencoded; charset="

Content-Type: application/x-www-form-urlencoded; charset=";utf-8 " 



Will trigger this exception on server side, as translated into an
charset.substring( 1, 0 ).

Nothing exploitable from the security point of view, though.


If I permit myself to comment, a possible fix to avoid getting this method
too messy, could be to strip off quotes before the charset.isEmpty() check,
then if charset is empty it will return null, otherwise it will return
charset with no need for further substring operations.




View raw message