You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2020/05/24 08:44:35 UTC

[commons-compress] branch master updated: COMPRESS-521 COMPRESS-522 COMPRESS-525 IOException instead of IllegalArgumentException

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new aa1bc87  COMPRESS-521 COMPRESS-522 COMPRESS-525 IOException instead of IllegalArgumentException
aa1bc87 is described below

commit aa1bc8720d1186aeb03efff3f7f26cf2d76d2c6a
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sun May 24 10:43:54 2020 +0200

    COMPRESS-521 COMPRESS-522 COMPRESS-525 IOException instead of IllegalArgumentException
---
 src/changes/changes.xml                            |  6 ++
 .../deflate64/Deflate64CompressorInputStream.java  |  6 +-
 .../Deflate64CompressorInputStreamTest.java        | 69 ++++++++++++++++++++++
 3 files changed, 80 insertions(+), 1 deletion(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 1d1e1e9..a942390 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -85,6 +85,12 @@ The <action> type attribute can be add,update,fix,remove.
       <action issue="COMPRESS-523" type="fix" date="2020-05-23">
         Improved detection of corrupt ZIP archives in ZipArchiveInputStream.
       </action>
+      <action issue="COMPRESS-521" type="fix" date="2020-05-24">
+        Added improved checks to detect corrupted deflate64 streams and
+        throw the expected IOException rather than obscure
+        RuntimeExceptions.
+        See also COMPRESS-522 and COMPRESS-525.
+      </action>
     </release>
     <release version="1.20" date="2020-02-08"
              description="Release 1.20">
diff --git a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
index 4b3e872..52ca191 100644
--- a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
@@ -81,7 +81,11 @@ public class Deflate64CompressorInputStream extends CompressorInputStream implem
         }
         int read = -1;
         if (decoder != null) {
-            read = decoder.decode(b, off, len);
+            try {
+                read = decoder.decode(b, off, len);
+            } catch (IllegalStateException ex) {
+                throw new IOException("Invalid Defalt64 input", ex);
+            }
             compressedBytesRead = decoder.getBytesRead();
             count(read);
             if (read == -1) {
diff --git a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
index 531a14f..a6cbefd 100644
--- a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
+++ b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
@@ -17,6 +17,8 @@
  */
 package org.apache.commons.compress.compressors.deflate64;
 
+import org.apache.commons.compress.archivers.ArchiveInputStream;
+import org.apache.commons.compress.archivers.ArchiveStreamFactory;
 import org.apache.commons.compress.compressors.CompressorStreamFactory;
 import org.apache.commons.compress.utils.IOUtils;
 import org.junit.Test;
@@ -27,6 +29,7 @@ import org.mockito.runners.MockitoJUnitRunner;
 
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 
@@ -176,4 +179,70 @@ public class Deflate64CompressorInputStreamTest {
         }
     }
 
+    /**
+     * @see https://issues.apache.org/jira/browse/COMPRESS-521
+     */
+    @Test(expected = IOException.class)
+    public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS521() throws Exception {
+        fuzzingTest(new int[] {
+            0x50, 0x4b, 0x03, 0x04, 0x2e, 0x00, 0xb6, 0x00, 0x09, 0x00,
+            0x84, 0xb6, 0xba, 0x46, 0x72, 0x00, 0xfe, 0x77, 0x63, 0x00,
+            0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00,
+            0x62, 0x62, 0x62, 0x55, 0x54, 0x0c, 0x00, 0x03, 0xe7, 0xce,
+            0x64, 0x55, 0xf3, 0xce, 0x65, 0x55, 0x75, 0x78, 0x0b, 0x00,
+            0x01, 0x04, 0x5c, 0xf9, 0x01, 0x00, 0x04, 0x88, 0x13, 0x00,
+            0x00, 0x42, 0x5a, 0x68, 0x34
+        });
+    }
+
+    /**
+     * @see https://issues.apache.org/jira/browse/COMPRESS-522
+     */
+    @Test(expected = IOException.class)
+    public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS522() throws Exception {
+        fuzzingTest(new int[] {
+            0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x09, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+            0x61, 0x4a, 0x84, 0x02, 0x40, 0x00, 0x01, 0x00, 0xff, 0xff
+        });
+    }
+
+    /**
+     * @see https://issues.apache.org/jira/browse/COMPRESS-525
+     */
+    @Test(expected = IOException.class)
+    public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS525() throws Exception {
+        fuzzingTest(new int[] {
+            0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x09, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x78, 0x00,
+            0x61, 0x4a, 0x04, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x53,
+            0x07, 0x08, 0x43, 0xbe, 0xb7, 0xe8, 0x07, 0x00, 0x00, 0x00,
+            0x01, 0x00, 0x00, 0x00, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
+            0x08, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x01, 0x00, 0x00, 0x00, 0x62, 0x4a, 0x02, 0x04, 0x00, 0x00,
+            0xff, 0xff, 0x50, 0x4b, 0x7f, 0x08, 0xf9, 0xef, 0xbe, 0x71,
+            0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x4b,
+            0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x63, 0x4a,
+            0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x4b, 0x07, 0x08,
+            0x6f, 0xdf
+        });
+    }
+
+    private void fuzzingTest(final int[] bytes) throws Exception {
+        final int len = bytes.length;
+        final byte[] input = new byte[len];
+        for (int i = 0; i < len; i++) {
+            input[i] = (byte) bytes[i];
+        }
+        try (ArchiveInputStream ais = new ArchiveStreamFactory()
+             .createArchiveInputStream("zip", new ByteArrayInputStream(input))) {
+            ais.getNextEntry();
+            IOUtils.toByteArray(ais);
+        }
+    }
 }