Return-Path: Delivered-To: apmail-harmony-commits-archive@www.apache.org Received: (qmail 24151 invoked from network); 2 Nov 2007 03:35:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Nov 2007 03:35:15 -0000 Received: (qmail 36294 invoked by uid 500); 2 Nov 2007 03:35:02 -0000 Delivered-To: apmail-harmony-commits-archive@harmony.apache.org Received: (qmail 36279 invoked by uid 500); 2 Nov 2007 03:35:02 -0000 Mailing-List: contact commits-help@harmony.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@harmony.apache.org Delivered-To: mailing list commits@harmony.apache.org Received: (qmail 36268 invoked by uid 99); 2 Nov 2007 03:35:02 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Nov 2007 20:35:02 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Nov 2007 03:35:31 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 1495B71422B for ; Thu, 1 Nov 2007 20:34:51 -0700 (PDT) Message-ID: <22978264.1193974491081.JavaMail.jira@brutus> Date: Thu, 1 Nov 2007 20:34:51 -0700 (PDT) From: "Stepan Mishura (JIRA)" To: commits@harmony.apache.org Subject: [jira] Updated: (HARMONY-5054) [classlib][security] ASN.1: BerInputStream will incorrectly resize buffer when the enveloped InputStream has lots of bytes In-Reply-To: <12385256.1193906570557.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HARMONY-5054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stepan Mishura updated HARMONY-5054: ------------------------------------ Summary: [classlib][security] ASN.1: BerInputStream will incorrectly resize buffer when the enveloped InputStream has lots of bytes (was: [ASN.1] BerInputStream will incorrectly resize buffer when the enveloped InputStream has lots of bytes) > [classlib][security] ASN.1: BerInputStream will incorrectly resize buffer when the enveloped InputStream has lots of bytes > -------------------------------------------------------------------------------------------------------------------------- > > Key: HARMONY-5054 > URL: https://issues.apache.org/jira/browse/HARMONY-5054 > Project: Harmony > Issue Type: Bug > Components: Classlib > Reporter: spark shen > Assignee: Stepan Mishura > > I was writing scenario test for ldap service provider, and trying to extract schema information from an Openldap server. The response message is quite long - longer than the initial buffer size of BerInputStream. > While decoding the reponse, I got the following exception: > org.apache.harmony.security.asn1.ASN1Exception: Unexpected end of encoding > at org.apache.harmony.security.asn1.BerInputStream.readContent(BerInputStream.java:915) > at org.apache.harmony.security.asn1.BerInputStream.readOctetString(BerInputStream.java:545) > at org.apache.harmony.security.asn1.DerInputStream.readOctetString(DerInputStream.java:113) > at org.apache.harmony.security.asn1.ASN1OctetString.decode(ASN1OctetString.java:70) > at org.apache.harmony.security.asn1.BerInputStream.decodeValueCollection(BerInputStream.java:760) > at org.apache.harmony.security.asn1.BerInputStream.readSetOf(BerInputStream.java:737) > at org.apache.harmony.security.asn1.DerInputStream.readSetOf(DerInputStream.java:139) > at org.apache.harmony.security.asn1.ASN1SetOf.decode(ASN1SetOf.java:49) > at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669) > at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126) > at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49) > at org.apache.harmony.security.asn1.BerInputStream.decodeValueCollection(BerInputStream.java:760) > at org.apache.harmony.security.asn1.BerInputStream.readSequenceOf(BerInputStream.java:75) > at org.apache.harmony.security.asn1.ASN1SequenceOf.decode(ASN1SequenceOf.java:50) > at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669) > at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126) > at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49) > at org.apache.harmony.security.asn1.ASN1Implicit.decode(ASN1Implicit.java:141) > at org.apache.harmony.security.asn1.ASN1Choice.decode(ASN1Choice.java:321) > at org.apache.harmony.jndi.provider.ldap.asn1.ASN1ChoiceWrap.decode(ASN1ChoiceWrap.java:78) > at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669) > at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126) > at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49) > at org.apache.harmony.security.asn1.ASN1Type.decode(ASN1Type.java:17) > at org.apache.harmony.jndi.provider.ldap.LdapMessage.decode(LdapMessage.java:27) > at test.LdapTest.main(LdapTest.java:60) > I found their are 2 problems resides in ASN.1 framework > 1. Incorrectly resize buffer > > 137 if (buffer.length < length) { > 138 byte[] newBuffer = new byte[length]; > > And they should be modified into > if (buffer.length < (length + offset)) { > byte[] newBuffer = new byte[length + offset]; > 2. In method readContent, the if statement: > if (in.read(buffer, offset, length) != length) { > throw new ASN1Exception(Messages.getString("security.13C")); //$NON-NLS-1$ > } > offset += length; > is not enough to guarantee all the bytes are read into buffer. This can be fixed using a while loop: > int numread = 0, oldoffset = offset; > while ((numread = in.read(buffer, offset, length)) > 0) { > offset += numread; > length -= numread; > if(length == 0) { > break; > } > } > length = offset - oldoffset; > It's hard to write a standalone test case, due to the large number of buffer size. Writing a scenario test would be simpler. I will provide a scenario test and the fix soon. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.