Posted to commits@commons.apache.org by bo...@apache.org on 2020/05/23 21:17:47 UTC

[commons-compress] branch master updated: COMPRESS-519 another missed bounds check

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new ea37bc1  COMPRESS-519 another missed bounds check
ea37bc1 is described below

commit ea37bc163ecd6dfa9e0ec4935f4f0d1557c30b4d
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sat May 23 23:17:22 2020 +0200

    COMPRESS-519 another missed bounds check
---
 src/changes/changes.xml                            |  1 +
 .../bzip2/BZip2CompressorInputStream.java          |  1 +
 .../bzip2/BZip2CompressorInputStreamTest.java      | 62 ++++++++++++++++------
 3 files changed, 47 insertions(+), 17 deletions(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index e454ea7..1d1e1e9 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -72,6 +72,7 @@ The <action> type attribute can be add,update,fix,remove.
         Added improved checks to detect corrupted bzip2 streams and
         throw the expected IOException rather than obscure
         RuntimeExceptions.
+        See also COMPRESS-519.
       </action>
       <action issue="COMPRESS-517" type="fix" date="2020-05-23">
         Improved parsing of X5455_ExtendedTimestamp ZIP extra field.
diff --git a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
index 18b4be0..63e417c 100644
--- a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
@@ -659,6 +659,7 @@ public class BZip2CompressorInputStream extends CompressorInputStream
                     checkBounds(tmp, MAX_ALPHA_SIZE, "zvec");
                     nextSym = perm_zt[tmp];
                 }
+                checkBounds(s, this.data.ll8.length, "s");
 
                 final int yy0 = yy[0];
                 checkBounds(yy0, 256, "yy");
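Review bot: The added `checkBounds(s, this.data.ll8.length, "s")` bounds the run length on its own, but nothing visible in this hunk bounds the position at which the run is then written. If `s` is later added to a running offset into `ll8` (that code is outside the hunk, so please confirm), a value that passes this check can still push the end of the run past the array once the offset is non-zero. Checking the computed end offset against `ll8.length` just before the write would cover every malformed stream, not only the shape the COMPRESS-519 sample has. A short comment above the new line, e.g. `// s comes from the compressed stream; reject it before it is used to index ll8`, would record why the check sits here. The enclosing method starts and ends outside the hunk.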
diff --git a/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java b/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java
index d338370..ee7a97e 100644
--- a/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java
+++ b/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java
@@ -103,30 +103,58 @@ public class BZip2CompressorInputStreamTest {
      * @see https://issues.apache.org/jira/browse/COMPRESS-516
      */
     @Test(expected = IOException.class)
-    public void shouldThrowIOExceptionInsteadofRuntimeExceptionCOMPRESS516() throws Exception {
-        ByteArrayInputStream input = new ByteArrayInputStream(new byte[] {
+    public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS516() throws Exception {
+        fuzzingTest(new int[] {
             0x50, 0x4b, 0x03, 0x04, 0x2e, 0x00, 0x00, 0x00, 0x0c, 0x00,
-            (byte) 0x84, (byte) 0xb6, (byte) 0xba, 0x46, 0x72, (byte) 0xb6, (byte) 0xfe, 0x77, 0x63, 0x00,
+            0x84, 0xb6, 0xba, 0x46, 0x72, 0xb6, 0xfe, 0x77, 0x63, 0x00,
             0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00,
-            0x62, 0x62, 0x62, 0x55, 0x54, 0x09, 0x00, 0x03, (byte) 0xe7, (byte) 0xce,
-            0x64, 0x55, (byte) 0xf3, (byte) 0xce, 0x64, 0x55, 0x75, 0x78, 0x0b, 0x00,
-            0x01, 0x04, 0x5c, (byte) 0xf9, 0x01, 0x00, 0x04, (byte) 0x88, 0x13, 0x00,
+            0x62, 0x62, 0x62, 0x55, 0x54, 0x09, 0x00, 0x03, 0xe7, 0xce,
+            0x64, 0x55, 0xf3, 0xce, 0x64, 0x55, 0x75, 0x78, 0x0b, 0x00,
+            0x01, 0x04, 0x5c, 0xf9, 0x01, 0x00, 0x04, 0x88, 0x13, 0x00,
             0x00, 0x42, 0x5a, 0x68, 0x34, 0x31, 0x41, 0x59, 0x26, 0x53,
-            0x59, 0x62, (byte) 0xe4, 0x4f, 0x51, 0x00, 0x00, 0x0d, (byte) 0xd1, (byte) 0x80,
-            0x00, 0x10, 0x40, 0x00, 0x35, (byte) 0xf9, (byte) 0x8b, 0x00, 0x20, 0x00,
-            0x48, (byte) 0x89, (byte) 0xfa, (byte) 0x94, (byte) 0xf2, (byte) 0x9e, 0x29, (byte) 0xe8, (byte) 0xd2, 0x11,
-            (byte) 0x8a, 0x4f, 0x53, 0x34, 0x0f, 0x51, 0x7a, (byte) 0xed, (byte) 0x86, 0x65,
-            (byte) 0xd6, (byte) 0xed, 0x61, (byte) 0xee, 0x68, (byte) 0x89, 0x48, 0x7d, 0x07, (byte) 0x71,
-            (byte) 0x92, 0x2a, 0x50, 0x60, 0x04, (byte) 0x95, 0x61, 0x35, 0x47, 0x73,
-            0x31, 0x29, (byte) 0xc2, (byte) 0xdd, 0x5e, (byte) 0xc7, 0x4a, 0x15, 0x14, 0x32,
-            0x4c, (byte) 0xda, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x59, 0x62, 0xe4, 0x4f, 0x51, 0x00, 0x00, 0x0d, 0xd1, 0x80,
+            0x00, 0x10, 0x40, 0x00, 0x35, 0xf9, 0x8b, 0x00, 0x20, 0x00,
+            0x48, 0x89, 0xfa, 0x94, 0xf2, 0x9e, 0x29, 0xe8, 0xd2, 0x11,
+            0x8a, 0x4f, 0x53, 0x34, 0x0f, 0x51, 0x7a, 0xed, 0x86, 0x65,
+            0xd6, 0xed, 0x61, 0xee, 0x68, 0x89, 0x48, 0x7d, 0x07, 0x71,
+            0x92, 0x2a, 0x50, 0x60, 0x04, 0x95, 0x61, 0x35, 0x47, 0x73,
+            0x31, 0x29, 0xc2, 0xdd, 0x5e, 0xc7, 0x4a, 0x15, 0x14, 0x32,
+            0x4c, 0xda, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00
         });
-        try (ArchiveInputStream ais =
-             new ArchiveStreamFactory().createArchiveInputStream("zip", input)) {
+    }
+
+    /**
+     * @see https://issues.apache.org/jira/browse/COMPRESS-519
+     */
+    @Test(expected = IOException.class)
+    public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS519() throws Exception {
+        fuzzingTest(new int[] {
+            0x50, 0x4b, 0x03, 0x04, 0x2e, 0x00, 0x00, 0x00, 0x0c, 0x00,
+            0x84, 0xb6, 0xba, 0x46, 0x72, 0xb6, 0xfe, 0x77, 0x63, 0x00,
+            0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00,
+            0x62, 0x62, 0x62, 0x55, 0x54, 0x09, 0x00, 0x03, 0xe7, 0xce,
+            0x64, 0x55, 0xf3, 0xce, 0x64, 0x55, 0x75, 0x78, 0x0b, 0x00,
+            0x01, 0x04, 0x5c, 0xf9, 0x01, 0x00, 0x04, 0x88, 0x13, 0x00,
+            0x00, 0x42, 0x5a, 0x68, 0x34, 0x31, 0x41, 0x59, 0x26, 0x53,
+            0x59, 0x62, 0xe4, 0x4f, 0x51, 0x80, 0x00, 0x0d, 0xd1, 0x80,
+            0x00, 0x10, 0x40, 0x00, 0x35, 0xf9, 0x8b, 0x00, 0x20, 0x00,
+            0x48, 0x89, 0xfa, 0x94, 0xf2, 0x9e, 0x29, 0xe8, 0xd2, 0x00,
+            0x00, 0x22, 0x00, 0x00, 0x00, 0x50, 0x4b, 0x03, 0x04, 0x14,
+            0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00
+        });
+    }
+
+    private void fuzzingTest(final int[] bytes) throws Exception {
+        final int len = bytes.length;
+        final byte[] input = new byte[len];
+        for (int i = 0; i < len; i++) {
+            input[i] = (byte) bytes[i];
+        }
+        try (ArchiveInputStream ais = new ArchiveStreamFactory()
+             .createArchiveInputStream("zip", new ByteArrayInputStream(input))) {
             ais.getNextEntry();
             IOUtils.toByteArray(ais);
         }
     }
-
 }
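Review bot: Both regression tests pass on any `IOException` raised anywhere inside `fuzzingTest`, because `@Test(expected = IOException.class)` does not distinguish a failure in `createArchiveInputStream` or `getNextEntry()` from the bzip2 bounds check these inputs are meant to exercise. A later change to ZIP header handling could therefore keep the tests green while the decoder check regresses. Keeping the stream setup and `ais.getNextEntry()` outside the expected-failure region, and catching the exception only around `IOUtils.toByteArray(ais)`, would pin the failure to the decompression step. The helper also replays fixed fuzzer-found inputs rather than fuzzing, so a Javadoc line such as `/** Reads a crafted ZIP with a corrupt bzip2 entry; decompression must fail with IOException. */` (or a name like `readCorruptedZip`) would make its purpose clearer.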