cxf-issues mailing list archives

From "Alon Bar-Lev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-7496) Parsing Bug in org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter: in-string "{"
Date Tue, 05 Sep 2017 12:21:00 GMT

    [ https://issues.apache.org/jira/browse/CXF-7496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16153551#comment-16153551 ]

Alon Bar-Lev commented on CXF-7496:
-----------------------------------

Thanks for the prompt action.

I wonder, what do you recommend? We are failing JWT validations because of this bug... What
can we do in the meantime? This issue is severe enough for us to consider switching to a different
library.

Thanks!

> Parsing Bug in org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter: in-string "{"
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-7496
>                 URL: https://issues.apache.org/jira/browse/CXF-7496
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.1.7, 3.1.12
>         Environment: java version "1.8.0_25"
> Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
> Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
>            Reporter: Alon Bar-Lev
>
> Hello,
> We have found incorrect parsing of "{" within JSON strings. It seems like the parser searches for "{" and "}" regardless of string boundary.
> A reproduction program is attached, using latest 3.1.12 version.
> Thanks!
> h2. REPRODUCTION
> {code}
> import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
> public class JsonMapReaderNotWorking {
> 	
> 	public static void main(String args[]) throws Exception
> 	{
> 		JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
> 		String s = "{\"x\":{\"y\":\"{\"}}";
> 		System.out.println(s);
> 		jsonMapObjectReaderWriter.fromJson(s);
> 	}
> }
> {code}
> h2. RESULT
> {code}
> 	{"x":{"y":"{"}}
> 	Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: -6
> 		at java.lang.String.substring(String.java:1967)
> 		at org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter.readJsonObjectAsSettable(JsonMapObjectReaderWriter.java:189)
> 		at org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter.fromJson(JsonMapObjectReaderWriter.java:162)
> 		at JsonMapReaderNotWorking.main(JsonMapReaderNotWorking.java:13)
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
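
Added example, not part of the original message and not Apache CXF code: a brace matcher that ignores string boundaries (the behaviour the report suspects) beside one that tracks JSON string state, run on the report's input. The class and method names are hypothetical.

```java
// Added illustration; not Apache CXF code. All names here are hypothetical.
public class BraceScanDemo {

    // Naive scan: counts every '{' and '}' it sees, including those that are
    // only characters inside a JSON string value.
    static int naiveClosingBrace(String json, int open) {
        int depth = 0;
        for (int i = open; i < json.length(); i++) {
            char c = json.charAt(i);
            if (c == '{') {
                depth++;
            } else if (c == '}' && --depth == 0) {
                return i;
            }
        }
        return -1; // no matching brace found
    }

    // String-aware scan: braces only count outside string literals, and a
    // backslash inside a string skips the character it escapes (\" or \\).
    static int stringAwareClosingBrace(String json, int open) {
        int depth = 0;
        boolean inString = false;
        for (int i = open; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (c == '\\') {
                    i++; // skip the escaped character
                } else if (c == '"') {
                    inString = false;
                }
            } else if (c == '"') {
                inString = true;
            } else if (c == '{') {
                depth++;
            } else if (c == '}' && --depth == 0) {
                return i;
            }
        }
        return -1; // no matching brace found
    }

    public static void main(String[] args) {
        String s = "{\"x\":{\"y\":\"{\"}}"; // input string from the report
        System.out.println("naive:        " + naiveClosingBrace(s, 0));
        System.out.println("string-aware: " + stringAwareClosingBrace(s, 0));
    }
}
```

On the report's input the naive scan finds no matching brace for the outer object, because the "{" inside the string value is counted as an opening brace, while the string-aware scan returns the index of the final "}".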
