Posted to commits@cxf.apache.org by co...@apache.org on 2021/04/08 18:07:56 UTC
[cxf] branch master updated: CXF-8454 - DOS vulnerability in bearer
token parsing
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 5ac22a4 CXF-8454 - DOS vulnerability in bearer token parsing
5ac22a4 is described below
commit 5ac22a447d4d141b849e2b49f1a73db1576adc43
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Apr 8 19:07:20 2021 +0100
CXF-8454 - DOS vulnerability in bearer token parsing
---
.../apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java | 5 ++++-
.../cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java | 8 ++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
index 9878f75..6c319ab 100644
--- a/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
+++ b/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java
@@ -181,6 +181,9 @@ public class JsonMapObjectReaderWriter {
int from = json.charAt(i) == DQUOTE ? i + 1 : i;
String name = json.substring(from, closingQuote);
int sepIndex = json.indexOf(COLON, closingQuote + 1);
+ if (sepIndex == -1) {
+ throw new UncheckedIOException(new IOException("Error in parsing json"));
+ }
int j = 1;
while (Character.isWhitespace(json.charAt(sepIndex + j))) {
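Review bot: The new `sepIndex == -1` guard catches a missing colon, but the whitespace-skipping loop on the following line still indexes `json.charAt(sepIndex + j)` with no upper bound, so input truncated right after the colon (or ending in whitespace after it) would appear to run past the end of the string and fail with `StringIndexOutOfBoundsException` rather than the `UncheckedIOException` callers are now expected to handle. Bounding the loop, `while (sepIndex + j < json.length() && Character.isWhitespace(json.charAt(sepIndex + j))) {`, and throwing the same `UncheckedIOException("Error in parsing json")` when the end is reached would keep the failure mode for malformed input consistent. Whether a later check already covers this cannot be seen from the hunk; the enclosing method starts and ends outside it.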
@@ -246,7 +249,7 @@ public class JsonMapObjectReaderWriter {
}
}
- if (value instanceof String) {
+ if (value instanceof String && ((String)value).contains("\\/")) {
// Escape an encoded forward slash
value = ((String) value).replace("\\/", "/");
}
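Review bot: The purpose of the added `contains("\\/")` guard is not stated, and since `replace` already leaves the string untouched when the target is absent a reader may take it for a redundant double scan. If the intent is to avoid the allocation-heavy `replace` path on older JDKs when no escaped slash is present, a comment such as `// Skip replace() unless an escaped slash is actually present; it is comparatively costly on JDK 8` would make the reasoning explicit. The enclosing method continues outside the hunk.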
diff --git a/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java b/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
index 4157cd7..dcd0994 100644
--- a/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
+++ b/rt/rs/extensions/json-basic/src/test/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriterTest.java
@@ -19,6 +19,7 @@
package org.apache.cxf.jaxrs.json.basic;
+import java.io.UncheckedIOException;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashMap;
@@ -140,4 +141,11 @@ public class JsonMapObjectReaderWriterTest {
assertEquals(expectedKid, kid);
}
+ @Test(expected = UncheckedIOException.class)
+ public void testMalformedInput() throws Exception {
+ JsonMapObjectReaderWriter jsonMapObjectReaderWriter = new JsonMapObjectReaderWriter();
+ String s = "{\"nonce\":\"\",:V\"'";
+ jsonMapObjectReaderWriter.fromJson(s);
+ }
+
}
\ No newline at end of file
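Review bot: The new test pins only the missing-colon case, so adjacent malformed shapes that the parser may still reach (input ending right after the colon, or with the closing quote missing) remain unpinned; a second expected-exception case for such input would document the intended contract that malformed JSON fails with `UncheckedIOException` rather than some other runtime exception. The `throws Exception` clause on `testMalformedInput` appears unused here and could be dropped, and a name such as `testMissingColonSeparatorThrows` would state what is being checked.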