Posted to commits@cxf.apache.org by co...@apache.org on 2021/04/08 18:08:08 UTC

[cxf] branch 3.4.x-fixes updated: CXF-8454 - DOS vulnerability in bearer token parsing

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.4.x-fixes by this push:
     new 4aede7c  CXF-8454 - DOS vulnerability in bearer token parsing
4aede7c is described below

commit 4aede7c6a083c65299ec0465d26b1c29b8124eef
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Apr 8 19:07:20 2021 +0100

    CXF-8454 - DOS vulnerability in bearer token parsing
    
    (cherry picked from commit 5ac22a447d4d141b849e2b49f1a73db1576adc43)
---
 .../apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java    | 5 ++++-
 .../cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java       | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
index 9878f75..6c319ab 100644
--- a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
+++ b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
@@ -181,6 +181,9 @@ public class JsonMapObjectReaderWriter {
             int from = json.charAt(i) == DQUOTE ? i + 1 : i;
             String name = json.substring(from, closingQuote);
             int sepIndex = json.indexOf(COLON, closingQuote + 1);
+            if (sepIndex == -1) {
+                throw new UncheckedIOException(new IOException("Error in parsing json"));
+            }
 
             int j = 1;
             while (Character.isWhitespace(json.charAt(sepIndex + j))) {
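Review bot: The added guard makes a missing colon fail with UncheckedIOException, but the whitespace loop on the last line of this hunk still indexes `sepIndex + j` with no length bound, so a malformed document that ends in whitespace right after the colon would presumably fail with StringIndexOutOfBoundsException instead (unless a length check exists beyond the hunk). Bounding the loop as `while (sepIndex + j < json.length() && Character.isWhitespace(json.charAt(sepIndex + j))) {` keeps it in range, and a following `if (sepIndex + j >= json.length()) { throw new UncheckedIOException(new IOException("Error in parsing json")); }` keeps the failure mode consistent with the check this commit introduces. The enclosing method starts before the hunk and continues after it, so the later reads of `sepIndex + j` there should get the same treatment.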
@@ -246,7 +249,7 @@ public class JsonMapObjectReaderWriter {
             }
         }
 
-        if (value instanceof String) {
+        if (value instanceof String && ((String)value).contains("\\/")) {
             // Escape an encoded forward slash
             value = ((String) value).replace("\\/", "/");
         }
diff --git a/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java b/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
index 4157cd7..dcd0994 100644
--- a/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
+++ b/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.jaxrs.json.basic;
 
+import java.io.UncheckedIOException;
 import java.util.Collections;
 import java.util.Date;
 import java.util.LinkedHashMap;
@@ -140,4 +141,11 @@ public class JsonMapObjectReaderWriterTest {
         assertEquals(expectedKid, kid);
     }
 
+    @Test(expected = UncheckedIOException.class)
+    public void testMalformedInput() throws Exception {
+        JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
+        String s = "{\"nonce\":\"\",:V\"'";
+        jsonMapObjectReaderWriter.fromJson(s);
+    }
+
 }
\ No newline at end of file
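Review bot: The new test pins only the missing-separator path; the change to the `\\/` branch in the same commit has no coverage in this file, so a second case asserting that an escaped slash is still unescaped (a constructed input such as `{"a":"x\\/y"}` expecting the value `x/y`) would guard that hunk against regression. The `throws Exception` clause on `testMalformedInput` also appears unused, since the expected exception is unchecked and nothing visible in the body throws a checked one (unless fromJson declares one); `public void testMalformedInput() {` would be enough.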