Posted to commits@commons.apache.org by bo...@apache.org on 2018/08/16 12:49:06 UTC
[1/2] commons-compress git commit: update security page with
CVE-2018-11771
Repository: commons-compress
Updated Branches:
refs/heads/master a7a95f04b -> 087e4a9d5
update security page with CVE-2018-11771
Project: http://git-wip-us.apache.org/repos/asf/commons-compress/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-compress/commit/1efa5de8
Tree: http://git-wip-us.apache.org/repos/asf/commons-compress/tree/1efa5de8
Diff: http://git-wip-us.apache.org/repos/asf/commons-compress/diff/1efa5de8
Branch: refs/heads/master
Commit: 1efa5de83e0f00fec485fbc9669e17d30556ed98
Parents: a7a95f0
Author: Stefan Bodewig <bo...@apache.org>
Authored: Thu Aug 16 14:47:53 2018 +0200
Committer: Stefan Bodewig <bo...@apache.org>
Committed: Thu Aug 16 14:47:53 2018 +0200
----------------------------------------------------------------------
src/site/xdoc/security-reports.xml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/1efa5de8/src/site/xdoc/security-reports.xml
----------------------------------------------------------------------
diff --git a/src/site/xdoc/security-reports.xml b/src/site/xdoc/security-reports.xml
index fcca3ab..9a996fb 100644
--- a/src/site/xdoc/security-reports.xml
+++ b/src/site/xdoc/security-reports.xml
@@ -54,6 +54,29 @@
the descriptions here are incomplete, please report them
privately to the Apache Security Team. Thank you.</p>
+ <subsection name="Fixed in Apache Commons Compress 1.18">
+ <p><b>Low: Denial of Service</b> <a
+ href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771">CVE-2018-11771</a></p>
+
+ <p>When reading a specially crafted ZIP archive, the read
+ method of <code>ZipArchiveInputStream</code> can fail to
+ return the correct EOF indication after the end of the
+ stream has been reached. When combined with a
+ <code>java.io.InputStreamReader</code> this can lead to an
+ infinite stream, which can be used to mount a denial of
+ service attack against services that use Compress' zip
+ package</p>
+
+ <p>This was fixed in revision <a
+ href="https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=blobdiff;f=src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java;h=e1995d7aa51dfac6ae933987fb0b7760c607582b;hp=0a2c1aa0063c620c867715119eae2013c87b5e70;hb=a41ce6892cb0590b2e658704434ac0dbcb6834c8;hpb=64ed6dde03afbef6715fdfdeab5fc04be6192899">a41ce68</a>.</p>
+
+ <p>This was <!-- first reported to the Security Team on 12 April
+ 2012 and --> made public on 16 August 2018.</p>
+
+ <p>Affects: 1.7 - 1.17</p>
+
+ </subsection>
+
<subsection name="Fixed in Apache Commons Compress 1.16">
<p><b>Low: Denial of Service</b> <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1324">CVE-2018-1324</a></p>
[2/2] commons-compress git commit: make Sonar less unhappy
Posted by bo...@apache.org.
make Sonar less unhappy
Project: http://git-wip-us.apache.org/repos/asf/commons-compress/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-compress/commit/087e4a9d
Tree: http://git-wip-us.apache.org/repos/asf/commons-compress/tree/087e4a9d
Diff: http://git-wip-us.apache.org/repos/asf/commons-compress/diff/087e4a9d
Branch: refs/heads/master
Commit: 087e4a9d51437243eb0a4698b3bd2b71b4567c3e
Parents: 1efa5de
Author: Stefan Bodewig <bo...@apache.org>
Authored: Thu Aug 16 14:48:50 2018 +0200
Committer: Stefan Bodewig <bo...@apache.org>
Committed: Thu Aug 16 14:48:50 2018 +0200
----------------------------------------------------------------------
.../commons/compress/archivers/ar/ArArchiveInputStream.java | 6 ++----
.../apache/commons/compress/archivers/examples/Expander.java | 6 ++----
.../commons/compress/archivers/zip/ZipArchiveInputStream.java | 6 +++---
3 files changed, 7 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/087e4a9d/src/main/java/org/apache/commons/compress/archivers/ar/ArArchiveInputStream.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/compress/archivers/ar/ArArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/ar/ArArchiveInputStream.java
index 3ed8f2f..206d388 100644
--- a/src/main/java/org/apache/commons/compress/archivers/ar/ArArchiveInputStream.java
+++ b/src/main/java/org/apache/commons/compress/archivers/ar/ArArchiveInputStream.java
@@ -264,13 +264,11 @@ public class ArArchiveInputStream extends ArchiveInputStream {
if (currentEntry == null) {
throw new IllegalStateException("No current ar entry");
}
- int toRead = len;
final long entryEnd = entryOffset + currentEntry.getLength();
- if (len > 0 && entryEnd > offset) {
- toRead = (int) Math.min(len, entryEnd - offset);
- } else {
+ if (len < 0 || offset >= entryEnd) {
return -1;
}
+ final int toRead = (int) Math.min(len, entryEnd - offset);
final int ret = this.input.read(b, off, toRead);
trackReadBytes(ret);
return ret;
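Review bot: The new guard changes the result for len == 0: the old `len > 0 && entryEnd > offset` returned -1, whereas the new `len < 0 || offset >= entryEnd` falls through to `this.input.read(b, off, 0)`, which returns 0 and is then passed to trackReadBytes. Returning 0 for a zero-length request is what the InputStream contract specifies, so this is likely an improvement, but it is a behavior change that the commit message ("make Sonar less unhappy") does not mention, and a caller looping on `read(...) != -1` with an empty buffer would now keep going where it previously stopped. A negative len is still mapped to -1 (EOF) rather than rejected; `if (len < 0) { throw new IndexOutOfBoundsException(); }` ahead of the entryEnd check would match the contract. The (int) cast on Math.min is safe because the result is bounded above by the int len. The method's signature and closing brace lie outside the hunk.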
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/087e4a9d/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java b/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java
index cfaba87..4922527 100644
--- a/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java
+++ b/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java
@@ -222,11 +222,9 @@ public class Expander {
@Override
public void writeEntryDataTo(ArchiveEntry entry, OutputStream out) throws IOException {
final byte[] buffer = new byte[8024];
- int n = 0;
- long count = 0;
+ int n;
while (-1 != (n = archive.read(buffer))) {
out.write(buffer, 0, n);
- count += n;
}
}
}, targetDirectory);
@@ -240,7 +238,7 @@ public class Expander {
throws IOException {
String targetDirPath = targetDirectory.getCanonicalPath();
if (!targetDirPath.endsWith(File.separator)) {
- targetDirPath += File.separatorChar;
+ targetDirPath += File.separator;
}
ArchiveEntry nextEntry = supplier.getNextReadableEntry();
while (nextEntry != null) {
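Review bot: `targetDirPath += File.separator` is equivalent to the removed separatorChar append, but neither version says why the trailing separator matters: from the surrounding lines targetDirPath appears to be the canonical prefix that extracted entry paths are later compared against, and without the separator a sibling directory whose name merely starts with the target's name would pass a prefix check. A one-line comment at the append, `// trailing separator: the prefix check below must not match siblings such as "<target>2"`, would pin that invariant for the next maintainer. The comparison itself and the method signature lie outside the hunk, so this is inferred from context.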
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/087e4a9d/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
index e1995d7..196e402 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
@@ -246,7 +246,7 @@ public class ZipArchiveInputStream extends ArchiveInputStream implements InputSt
} else {
readFully(lfhBuf);
}
- } catch (final EOFException e) {
+ } catch (final EOFException e) { //NOSONAR
return null;
}
@@ -1120,7 +1120,7 @@ public class ZipArchiveInputStream extends ArchiveInputStream implements InputSt
// LFH has already been read and all but the first eight bytes contain (part of) the APK signing block,
// also subtract 16 bytes in order to position us at the magic string
BigInteger toSkip = len.add(BigInteger.valueOf(DWORD - suspectLocalFileHeader.length
- - APK_SIGNING_BLOCK_MAGIC.length));
+ - (long) APK_SIGNING_BLOCK_MAGIC.length));
byte[] magic = new byte[APK_SIGNING_BLOCK_MAGIC.length];
try {
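Review bot: The `(long)` cast widens only the final subtraction; `DWORD - suspectLocalFileHeader.length` on the preceding line is still evaluated in int before the widened operand is applied. With the presumably small values involved the result is identical, so this is a point of clarity rather than correctness: if the aim is to have the whole expression computed in long before BigInteger.valueOf, casting the first operand, `BigInteger.valueOf((long) DWORD - suspectLocalFileHeader.length - APK_SIGNING_BLOCK_MAGIC.length)`, states that intent directly. The enclosing method starts and ends outside the hunk.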
@@ -1144,7 +1144,7 @@ public class ZipArchiveInputStream extends ArchiveInputStream implements InputSt
realSkip(toSkip.longValue());
readFully(magic);
}
- } catch (EOFException ex) {
+ } catch (EOFException ex) { //NOSONAR
// length was invalid
return false;
}