You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2018/04/22 15:45:26 UTC
[1/2] commons-compress git commit: COMPRESS-447 turn
ArrayIndexOutOfBoundsExceptions into ZipExceptions
Repository: commons-compress
Updated Branches:
refs/heads/master 777853369 -> 166b186e8
COMPRESS-447 turn ArrayIndexOutOfBoundsExceptions into ZipExceptions
Project: http://git-wip-us.apache.org/repos/asf/commons-compress/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-compress/commit/bd3e6cf2
Tree: http://git-wip-us.apache.org/repos/asf/commons-compress/tree/bd3e6cf2
Diff: http://git-wip-us.apache.org/repos/asf/commons-compress/diff/bd3e6cf2
Branch: refs/heads/master
Commit: bd3e6cf204f249c2d60eca2268c8b9f402149f1b
Parents: 7778533
Author: Stefan Bodewig <bo...@apache.org>
Authored: Sun Apr 22 17:44:25 2018 +0200
Committer: Stefan Bodewig <bo...@apache.org>
Committed: Sun Apr 22 17:44:25 2018 +0200
----------------------------------------------------------------------
src/changes/changes.xml | 5 ++++
.../compress/archivers/zip/ExtraFieldUtils.java | 5 ++++
.../archivers/zip/ExtraFieldUtilsTest.java | 29 ++++++++++++++++++++
3 files changed, 39 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/changes/changes.xml
----------------------------------------------------------------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 31b2439..e1d5ecc 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -55,6 +55,11 @@ The <action> type attribute can be add,update,fix,remove.
Fixed some code examples.
Github Pull Request #63.
</action>
+ <action issue="COMPRESS-447" type="fix" date="2018-04-22">
+ Certain errors when parsing ZIP extra fields in corrupt
+ archives are now turned into ZipException, they used to
+ manifest as ArrayIndexOutOfBoundsException before.
+ </action>
</release>
<release version="1.16.1" date="2018-02-10"
description="Release 1.16.1">
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
index 14691c4..b41dbb6 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
@@ -175,12 +175,17 @@ public class ExtraFieldUtils {
}
try {
final ZipExtraField ze = createExtraField(headerId);
+ try {
if (local) {
ze.parseFromLocalFileData(data, start + WORD, length);
} else {
ze.parseFromCentralDirectoryData(data, start + WORD,
length);
}
+ } catch (ArrayIndexOutOfBoundsException aiobe) {
+ throw (ZipException) new ZipException("Failed to parse corrupt ZIP extra field of type "
+ + Integer.toHexString(headerId.getValue())).initCause(aiobe);
+ }
v.add(ze);
} catch (final InstantiationException | IllegalAccessException ie) {
throw (ZipException) new ZipException(ie.getMessage()).initCause(ie);
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java b/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
index 3803817..56b7d76 100644
--- a/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
+++ b/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
@@ -23,6 +23,8 @@ import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Test;
+import java.util.zip.ZipException;
+
/**
* JUnit testcases for org.apache.commons.compress.archivers.zip.ExtraFieldUtils.
*
@@ -93,6 +95,33 @@ public class ExtraFieldUtilsTest implements UnixStat {
e.getMessage());
}
}
+
+ @Test
+ public void parseTurnsArrayIndexOutOfBoundsIntoZipException() throws Exception {
+ AsiExtraField f = new AsiExtraField();
+ f.setLinkedFile("foo");
+ byte[] l = f.getLocalFileDataData();
+ // manipulate size of path name to read 4 rather than 3
+ l[9] = 4;
+ // and fake CRC so we actually reach the AIOBE
+ l[0] = (byte) 0x52;
+ l[1] = (byte) 0x26;
+ l[2] = (byte) 0x18;
+ l[3] = (byte) 0x19;
+ byte[] d = new byte[4 + l.length];
+ System.arraycopy(f.getHeaderId().getBytes(), 0, d, 0, 2);
+ System.arraycopy(f.getLocalFileDataLength().getBytes(), 0, d, 2, 2);
+ System.arraycopy(l, 0, d, 4, l.length);
+ try {
+ ExtraFieldUtils.parse(d);
+ fail("data should be invalid");
+ } catch (final ZipException e) {
+ assertEquals("message",
+ "Failed to parse corrupt ZIP extra field of type 756e",
+ e.getMessage());
+ }
+ }
+
@Test
public void testParseCentral() throws Exception {
final ZipExtraField[] ze = ExtraFieldUtils.parse(data,false);
Re: [1/2] commons-compress git commit: COMPRESS-447 turn
ArrayIndexOutOfBoundsExceptions into ZipExceptions
Posted by Gary Gregory <ga...@gmail.com>.
Simple and pragmatic: -)
Gary
On Sun, Apr 22, 2018, 09:45 <bo...@apache.org> wrote:
> Repository: commons-compress
> Updated Branches:
> refs/heads/master 777853369 -> 166b186e8
>
>
> COMPRESS-447 turn ArrayIndexOutOfBoundsExceptions into ZipExceptions
>
>
> Project: http://git-wip-us.apache.org/repos/asf/commons-compress/repo
> Commit:
> http://git-wip-us.apache.org/repos/asf/commons-compress/commit/bd3e6cf2
> Tree:
> http://git-wip-us.apache.org/repos/asf/commons-compress/tree/bd3e6cf2
> Diff:
> http://git-wip-us.apache.org/repos/asf/commons-compress/diff/bd3e6cf2
>
> Branch: refs/heads/master
> Commit: bd3e6cf204f249c2d60eca2268c8b9f402149f1b
> Parents: 7778533
> Author: Stefan Bodewig <bo...@apache.org>
> Authored: Sun Apr 22 17:44:25 2018 +0200
> Committer: Stefan Bodewig <bo...@apache.org>
> Committed: Sun Apr 22 17:44:25 2018 +0200
>
> ----------------------------------------------------------------------
> src/changes/changes.xml | 5 ++++
> .../compress/archivers/zip/ExtraFieldUtils.java | 5 ++++
> .../archivers/zip/ExtraFieldUtilsTest.java | 29 ++++++++++++++++++++
> 3 files changed, 39 insertions(+)
> ----------------------------------------------------------------------
>
>
>
> http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/changes/changes.xml
> ----------------------------------------------------------------------
> diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> index 31b2439..e1d5ecc 100644
> --- a/src/changes/changes.xml
> +++ b/src/changes/changes.xml
> @@ -55,6 +55,11 @@ The <action> type attribute can be
> add,update,fix,remove.
> Fixed some code examples.
> Github Pull Request #63.
> </action>
> + <action issue="COMPRESS-447" type="fix" date="2018-04-22">
> + Certain errors when parsing ZIP extra fields in corrupt
> + archives are now turned into ZipException, they used to
> + manifest as ArrayIndexOutOfBoundsException before.
> + </action>
> </release>
> <release version="1.16.1" date="2018-02-10"
> description="Release 1.16.1">
>
>
> http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> ----------------------------------------------------------------------
> diff --git
> a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> index 14691c4..b41dbb6 100644
> ---
> a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> +++
> b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> @@ -175,12 +175,17 @@ public class ExtraFieldUtils {
> }
> try {
> final ZipExtraField ze = createExtraField(headerId);
> + try {
> if (local) {
> ze.parseFromLocalFileData(data, start + WORD, length);
> } else {
> ze.parseFromCentralDirectoryData(data, start + WORD,
> length);
> }
> + } catch (ArrayIndexOutOfBoundsException aiobe) {
> + throw (ZipException) new ZipException("Failed to
> parse corrupt ZIP extra field of type "
> + +
> Integer.toHexString(headerId.getValue())).initCause(aiobe);
> + }
> v.add(ze);
> } catch (final InstantiationException |
> IllegalAccessException ie) {
> throw (ZipException) new
> ZipException(ie.getMessage()).initCause(ie);
>
>
> http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> ----------------------------------------------------------------------
> diff --git
> a/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> b/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> index 3803817..56b7d76 100644
> ---
> a/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> +++
> b/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> @@ -23,6 +23,8 @@ import static org.junit.Assert.*;
> import org.junit.Before;
> import org.junit.Test;
>
> +import java.util.zip.ZipException;
> +
> /**
> * JUnit testcases for
> org.apache.commons.compress.archivers.zip.ExtraFieldUtils.
> *
> @@ -93,6 +95,33 @@ public class ExtraFieldUtilsTest implements UnixStat {
> e.getMessage());
> }
> }
> +
> + @Test
> + public void parseTurnsArrayIndexOutOfBoundsIntoZipException() throws
> Exception {
> + AsiExtraField f = new AsiExtraField();
> + f.setLinkedFile("foo");
> + byte[] l = f.getLocalFileDataData();
> + // manipulate size of path name to read 4 rather than 3
> + l[9] = 4;
> + // and fake CRC so we actually reach the AIOBE
> + l[0] = (byte) 0x52;
> + l[1] = (byte) 0x26;
> + l[2] = (byte) 0x18;
> + l[3] = (byte) 0x19;
> + byte[] d = new byte[4 + l.length];
> + System.arraycopy(f.getHeaderId().getBytes(), 0, d, 0, 2);
> + System.arraycopy(f.getLocalFileDataLength().getBytes(), 0, d, 2,
> 2);
> + System.arraycopy(l, 0, d, 4, l.length);
> + try {
> + ExtraFieldUtils.parse(d);
> + fail("data should be invalid");
> + } catch (final ZipException e) {
> + assertEquals("message",
> + "Failed to parse corrupt ZIP extra field of type
> 756e",
> + e.getMessage());
> + }
> + }
> +
> @Test
> public void testParseCentral() throws Exception {
> final ZipExtraField[] ze = ExtraFieldUtils.parse(data,false);
>
>
[2/2] commons-compress git commit: whitespace
Posted by bo...@apache.org.
whitespace
Project: http://git-wip-us.apache.org/repos/asf/commons-compress/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-compress/commit/166b186e
Tree: http://git-wip-us.apache.org/repos/asf/commons-compress/tree/166b186e
Diff: http://git-wip-us.apache.org/repos/asf/commons-compress/diff/166b186e
Branch: refs/heads/master
Commit: 166b186e826799d30de2b2cab4bfc54410d02b0a
Parents: bd3e6cf
Author: Stefan Bodewig <bo...@apache.org>
Authored: Sun Apr 22 17:45:11 2018 +0200
Committer: Stefan Bodewig <bo...@apache.org>
Committed: Sun Apr 22 17:45:11 2018 +0200
----------------------------------------------------------------------
.../commons/compress/archivers/zip/ExtraFieldUtils.java | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/166b186e/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
index b41dbb6..eed6cb9 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
@@ -176,12 +176,11 @@ public class ExtraFieldUtils {
try {
final ZipExtraField ze = createExtraField(headerId);
try {
- if (local) {
- ze.parseFromLocalFileData(data, start + WORD, length);
- } else {
- ze.parseFromCentralDirectoryData(data, start + WORD,
- length);
- }
+ if (local) {
+ ze.parseFromLocalFileData(data, start + WORD, length);
+ } else {
+ ze.parseFromCentralDirectoryData(data, start + WORD, length);
+ }
} catch (ArrayIndexOutOfBoundsException aiobe) {
throw (ZipException) new ZipException("Failed to parse corrupt ZIP extra field of type "
+ Integer.toHexString(headerId.getValue())).initCause(aiobe);