harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stepan Mishura (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-5054) [classlib][security] ASN.1: BerInputStream will incorrectly resize buffer when the enveloped InputStream has lots of bytes
Date Mon, 12 Nov 2007 15:44:50 GMT

    [ https://issues.apache.org/jira/browse/HARMONY-5054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12541813
] 

Stepan Mishura commented on HARMONY-5054:
-----------------------------------------

The fix and the regression test for the test case above was committed to SECURITY module at
r594188.
Please check that the fix works for you.

> [classlib][security] ASN.1: BerInputStream will incorrectly resize buffer when the enveloped
InputStream has lots of bytes
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HARMONY-5054
>                 URL: https://issues.apache.org/jira/browse/HARMONY-5054
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: spark shen
>            Assignee: Stepan Mishura
>
> I was writing scenario test for ldap service provider, and trying to extract schema information
from an Openldap server. The response message is quite long - longer than the initial buffer
size of BerInputStream. 
> While decoding the reponse, I got the following exception:
> org.apache.harmony.security.asn1.ASN1Exception: Unexpected end of encoding
> 	at org.apache.harmony.security.asn1.BerInputStream.readContent(BerInputStream.java:915)
> 	at org.apache.harmony.security.asn1.BerInputStream.readOctetString(BerInputStream.java:545)
> 	at org.apache.harmony.security.asn1.DerInputStream.readOctetString(DerInputStream.java:113)
> 	at org.apache.harmony.security.asn1.ASN1OctetString.decode(ASN1OctetString.java:70)
> 	at org.apache.harmony.security.asn1.BerInputStream.decodeValueCollection(BerInputStream.java:760)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSetOf(BerInputStream.java:737)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSetOf(DerInputStream.java:139)
> 	at org.apache.harmony.security.asn1.ASN1SetOf.decode(ASN1SetOf.java:49)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126)
> 	at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49)
> 	at org.apache.harmony.security.asn1.BerInputStream.decodeValueCollection(BerInputStream.java:760)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequenceOf(BerInputStream.java:75)
> 	at org.apache.harmony.security.asn1.ASN1SequenceOf.decode(ASN1SequenceOf.java:50)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126)
> 	at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49)
> 	at org.apache.harmony.security.asn1.ASN1Implicit.decode(ASN1Implicit.java:141)
> 	at org.apache.harmony.security.asn1.ASN1Choice.decode(ASN1Choice.java:321)
> 	at org.apache.harmony.jndi.provider.ldap.asn1.ASN1ChoiceWrap.decode(ASN1ChoiceWrap.java:78)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126)
> 	at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49)
> 	at org.apache.harmony.security.asn1.ASN1Type.decode(ASN1Type.java:17)
> 	at org.apache.harmony.jndi.provider.ldap.LdapMessage.decode(LdapMessage.java:27)
> 	at test.LdapTest.main(LdapTest.java:60)
> I found their are 2 problems resides in ASN.1 framework
> 1.  Incorrectly resize buffer
> <BerInputStream.java>
> 137         if (buffer.length < length) {
> 138                byte[] newBuffer = new byte[length];
> </BerInputStream.java>
> And they should be modified into 
> if (buffer.length < (length + offset)) {
>                 byte[] newBuffer = new byte[length + offset];
> 2. In method readContent, the if statement:
>             if (in.read(buffer, offset, length) != length) {
>                 throw new ASN1Exception(Messages.getString("security.13C")); //$NON-NLS-1$
>             }
>             offset += length;
> is not enough to guarantee all the bytes are read into buffer. This can be fixed using
a while loop:
>             int numread = 0, oldoffset = offset;
>             while ((numread = in.read(buffer, offset, length)) > 0) {
>                 offset += numread;
>                 length -= numread;
>                 if(length == 0) {
>                     break;
>                 }
>             }
>             length = offset - oldoffset;
> It's hard to write a standalone test case, due to the large number of buffer size. Writing
a scenario test would be simpler. I will provide a scenario test and the fix soon.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message