You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2020/05/24 08:44:35 UTC
[commons-compress] branch master updated: COMPRESS-521 COMPRESS-522
COMPRESS-525 IOException instead of IllegalArgumentException
This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new aa1bc87 COMPRESS-521 COMPRESS-522 COMPRESS-525 IOException instead of IllegalArgumentException
aa1bc87 is described below
commit aa1bc8720d1186aeb03efff3f7f26cf2d76d2c6a
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sun May 24 10:43:54 2020 +0200
COMPRESS-521 COMPRESS-522 COMPRESS-525 IOException instead of IllegalArgumentException
---
src/changes/changes.xml | 6 ++
.../deflate64/Deflate64CompressorInputStream.java | 6 +-
.../Deflate64CompressorInputStreamTest.java | 69 ++++++++++++++++++++++
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 1d1e1e9..a942390 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -85,6 +85,12 @@ The <action> type attribute can be add,update,fix,remove.
<action issue="COMPRESS-523" type="fix" date="2020-05-23">
Improved detection of corrupt ZIP archives in ZipArchiveInputStream.
</action>
+ <action issue="COMPRESS-521" type="fix" date="2020-05-24">
+ Added improved checks to detect corrupted deflate64 streams and
+ throw the expected IOException rather than obscure
+ RuntimeExceptions.
+ See also COMPRESS-522 and COMPRESS-525.
+ </action>
</release>
<release version="1.20" date="2020-02-08"
description="Release 1.20">
diff --git a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
index 4b3e872..52ca191 100644
--- a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
@@ -81,7 +81,11 @@ public class Deflate64CompressorInputStream extends CompressorInputStream implem
}
int read = -1;
if (decoder != null) {
- read = decoder.decode(b, off, len);
+ try {
+ read = decoder.decode(b, off, len);
+ } catch (IllegalStateException ex) {
+ throw new IOException("Invalid Defalt64 input", ex);
+ }
compressedBytesRead = decoder.getBytesRead();
count(read);
if (read == -1) {
diff --git a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
index 531a14f..a6cbefd 100644
--- a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
+++ b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
@@ -17,6 +17,8 @@
*/
package org.apache.commons.compress.compressors.deflate64;
+import org.apache.commons.compress.archivers.ArchiveInputStream;
+import org.apache.commons.compress.archivers.ArchiveStreamFactory;
import org.apache.commons.compress.compressors.CompressorStreamFactory;
import org.apache.commons.compress.utils.IOUtils;
import org.junit.Test;
@@ -27,6 +29,7 @@ import org.mockito.runners.MockitoJUnitRunner;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
@@ -176,4 +179,70 @@ public class Deflate64CompressorInputStreamTest {
}
}
+ /**
+ * @see https://issues.apache.org/jira/browse/COMPRESS-521
+ */
+ @Test(expected = IOException.class)
+ public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS521() throws Exception {
+ fuzzingTest(new int[] {
+ 0x50, 0x4b, 0x03, 0x04, 0x2e, 0x00, 0xb6, 0x00, 0x09, 0x00,
+ 0x84, 0xb6, 0xba, 0x46, 0x72, 0x00, 0xfe, 0x77, 0x63, 0x00,
+ 0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00,
+ 0x62, 0x62, 0x62, 0x55, 0x54, 0x0c, 0x00, 0x03, 0xe7, 0xce,
+ 0x64, 0x55, 0xf3, 0xce, 0x65, 0x55, 0x75, 0x78, 0x0b, 0x00,
+ 0x01, 0x04, 0x5c, 0xf9, 0x01, 0x00, 0x04, 0x88, 0x13, 0x00,
+ 0x00, 0x42, 0x5a, 0x68, 0x34
+ });
+ }
+
+ /**
+ * @see https://issues.apache.org/jira/browse/COMPRESS-522
+ */
+ @Test(expected = IOException.class)
+ public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS522() throws Exception {
+ fuzzingTest(new int[] {
+ 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x09, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x61, 0x4a, 0x84, 0x02, 0x40, 0x00, 0x01, 0x00, 0xff, 0xff
+ });
+ }
+
+ /**
+ * @see https://issues.apache.org/jira/browse/COMPRESS-525
+ */
+ @Test(expected = IOException.class)
+ public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS525() throws Exception {
+ fuzzingTest(new int[] {
+ 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x09, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x78, 0x00,
+ 0x61, 0x4a, 0x04, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x53,
+ 0x07, 0x08, 0x43, 0xbe, 0xb7, 0xe8, 0x07, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
+ 0x08, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x62, 0x4a, 0x02, 0x04, 0x00, 0x00,
+ 0xff, 0xff, 0x50, 0x4b, 0x7f, 0x08, 0xf9, 0xef, 0xbe, 0x71,
+ 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x4b,
+ 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x63, 0x4a,
+ 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x4b, 0x07, 0x08,
+ 0x6f, 0xdf
+ });
+ }
+
+ private void fuzzingTest(final int[] bytes) throws Exception {
+ final int len = bytes.length;
+ final byte[] input = new byte[len];
+ for (int i = 0; i < len; i++) {
+ input[i] = (byte) bytes[i];
+ }
+ try (ArchiveInputStream ais = new ArchiveStreamFactory()
+ .createArchiveInputStream("zip", new ByteArrayInputStream(input))) {
+ ais.getNextEntry();
+ IOUtils.toByteArray(ais);
+ }
+ }
}