harmony-dev mailing list archives

From "Spark Shen" <smallsmallor...@gmail.com>
Subject Re: [classlib][security] HARMONY-5054 status was ([jira] Created: (HARMONY-5054) [ASN.1] BerInputStream will incorrectly resize buffer when the enveloped InputStream has lots of bytes)
Date Wed, 14 Nov 2007 02:23:30 GMT
2007/11/12, Stepan Mishura <stepan.mishura@gmail.com>:
>
> On 11/12/07, Spark Shen <smallsmallorgan@gmail.com> wrote:
> > Hi
> >
> > Stepan, sorry for such a late reply. Regis, Liang Jia & I were busy
> > developing ldap features and did not notice your comment. Please see my
> > inline comments.
> >
> > <snip>
> > But I can not understand what is wrong with the BerInputStream constructor -
> > in case of InputStream parameter the data is read from the beginning so
> > offset has to be 0.
> > </snip>
> > I think the problem is the next() method invocation on line 132 of
> > constructor. In this method offset is updated. So when the program goes
> > through line 137, the offset
> > is no longer zero.
> >
>
> Hi Spark,
>
> You are right. Thanks for the reproducer!
> I think this execution path has never been tested. I've fixed it at
> r594188.
>
> > <snip>
> > A standalone test case would greatly help to understand what should be
> > fixed.
> > </snip>
> > The test case requires an ldap server, and I planned to provide a scenario
> > test and an adapter to BTI. But the effort was not trivial as I expected.
> >
>
> If you let me know how large ldap request is and its bytes values in
> the beginning then I can try to create a reproducer without ldap
> server.


The request is:

The search is sent to an openldap server, against DN "cn=Subschema".
The search scope is object scope.
The required attributes are "objectclasses","attributetypes",
"matchingrules", "ldapsyntaxes" respectively.

I checked your fix, and it seems my second point did not convince you. :-)
2. In method readContent, the if statement:

            if (in.read(buffer, offset, length) != length) {
                throw new ASN1Exception(Messages.getString("security.13C")); //$NON-NLS-1$
            }
            offset += length;
is not enough to guarantee all the bytes are read into buffer. This can be
fixed using a while loop:

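            int numread = 0, oldoffset = offset;
            // read() may return fewer bytes than requested, so keep reading
            // until length bytes have arrived or the stream ends
            while ((numread = in.read(buffer, offset, length)) > 0) {
                offset += numread;
                length -= numread;
                if (length == 0) {
                    break;
                }
            }
            // length becomes the number of bytes actually read
            length = offset - oldoffset;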
When decoding input from an InputStream retrieved from a socket, the if
statement here is not adequate
to guarantee that all the response bytes from the server have been collected.

I doubt the off-line reproducer can unveil this bug. Correct me if I am wrong.


Thanks,
> Stepan.
>
> > <snip>
> > Could you provide first 10 bytes of incoming data and total size of ldap
> > server request?
> > </snip>
> > Wait a minute please, I am working on it. :-)
> > --
> > Spark Shen
> > China Software Development Lab, IBM
> >
>



-- 
Spark Shen
China Software Development Lab, IBM
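
Added example (not part of the original message and not Harmony code): the short-read behaviour discussed above, shown with a constructed stream that returns at most 64 bytes per call, next to a read loop that either fills the buffer or throws on premature end of stream. `ChunkedStream`, `readFully` and the sizes used are hypothetical names and values chosen for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class ShortReadDemo {

    /** Constructed stand-in for a socket stream: returns at most chunk bytes per read(). */
    static final class ChunkedStream extends ByteArrayInputStream {
        private final int chunk;
        ChunkedStream(byte[] data, int chunk) { super(data); this.chunk = chunk; }
        @Override
        public synchronized int read(byte[] b, int off, int len) {
            return super.read(b, off, Math.min(len, chunk));
        }
    }

    /** Reads exactly len bytes into buf at off, or throws if the stream ends first. */
    static void readFully(InputStream in, byte[] buf, int off, int len) throws IOException {
        int done = 0;
        while (done < len) {
            int n = in.read(buf, off + done, len - done);
            if (n < 0) {
                throw new EOFException("stream ended after " + done + " of " + len + " bytes");
            }
            done += n;
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] message = new byte[200];   // constructed payload, contents irrelevant
        byte[] buf = new byte[message.length];

        // A single read() may legally return fewer bytes than requested,
        // so comparing its result with the requested length rejects valid input.
        int got = new ChunkedStream(message, 64).read(buf, 0, buf.length);
        System.out.println("single read returned " + got + " of " + buf.length);

        // The loop collects every byte regardless of how the stream chunks them.
        readFully(new ChunkedStream(message, 64), buf, 0, buf.length);
        System.out.println("readFully filled the buffer");

        // Truncated input fails loudly instead of leaving a half-filled buffer to decode.
        try {
            readFully(new ChunkedStream(new byte[100], 64), buf, 0, buf.length);
        } catch (EOFException e) {
            System.out.println("truncated: " + e.getMessage());
        }
    }
}
```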
