Repository: cxf Updated Branches: refs/heads/master d68073bee -> 5c81fe0db
[CXF-7139] Avoid BufferOverflowException for trailing escape characters, patch from Michael Grant applied, This closes #201 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/314565cc Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/314565cc Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/314565cc Branch: refs/heads/master Commit: 314565ccb05c88ceb6f19605d1813cabac4fedbc Parents: d68073b Author: Sergey Beryozkin <[email protected]> Authored: Wed Nov 16 23:37:45 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Nov 16 23:37:45 2016 +0100 ---------------------------------------------------------------------- .../org/apache/cxf/common/util/UrlUtils.java | 2 +- .../apache/cxf/common/util/UrlUtilsTest.java | 49 +++++++++++++++++--- 2 files changed, 44 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/314565cc/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
index 3b7dd23..0260445 100644
--- a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
@@ -87,7 +87,7 @@ public final class UrlUtils {
 if (needDecode) {
 final byte[] valueBytes = StringUtils.toBytes(value, enc);
 ByteBuffer in = ByteBuffer.wrap(valueBytes);
- ByteBuffer out = ByteBuffer.allocate(in.capacity() - 2 * escapesCount);
+ ByteBuffer out = ByteBuffer.allocate(in.capacity() - (2 * escapesCount) + 1);
 while (in.hasRemaining()) {
 final int b = in.get();
 if (!isPath && b == PLUS_CHAR) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/314565cc/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java ----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
index b0e25b7..7ae4015 100644
--- a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
+++ b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
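Review bot: The `+ 1` added to the `ByteBuffer.allocate(...)` size is unexplained, and the capacity still depends on `escapesCount`, which is computed outside this hunk, so whether one spare byte covers every malformed input (for example several incomplete escapes) cannot be confirmed from these lines. This decoder likely sees caller-supplied URL text, so an undersized buffer surfaces as an unchecked `BufferOverflowException` instead of the `IllegalArgumentException` the tests expect. If, as the visible loop suggests, each input byte produces at most one output byte, sizing by the input is a bound that the count cannot undercut: `ByteBuffer out = ByteBuffer.allocate(in.capacity());`. If the tighter size is kept, a comment such as `// +1: a trailing incomplete escape is counted but is never decoded` would record why. The enclosing method starts and ends outside the hunk.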
@@ -42,14 +42,51 @@ public class UrlUtilsTest extends Assert {
 assertEquals("!$&'()*,;=", UrlUtils.urlDecode("!$&'()*,;="));
 }
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeIncompleteEscape() {
- UrlUtils.urlDecode("%2");
+ @Test
+ public void testUrlDecodeIncompleteEscapePatterns() {
+
+ try {
+ UrlUtils.urlDecode("%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%%%%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%2B%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("%2");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
 }
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeInvalidEscape() {
- UrlUtils.urlDecode("%2$");
+ @Test
+ public void testUrlDecodeInvalidEscapePattern() {
+ try {
+ UrlUtils.urlDecode("%2$");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
 }
 @Test
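Review bot: Each `catch (Throwable e)` in these tests also catches the `AssertionError` thrown by `fail()`, and it would catch a `BufferOverflowException` too, so a regression shows up only as a bare `assertTrue` failure with the real exception and its stack trace discarded. Catching `IllegalArgumentException` alone lets anything else propagate with its trace, which is what you want when the bug being guarded against is a different unchecked exception. The same seven-line block is repeated five times across the two test methods; a private helper removes the duplication and lets `fail` carry the offending input. The fence shows one way to write it.

```java
private static void assertInvalidEncoding(String value) {
    try {
        UrlUtils.urlDecode(value);
        fail("Expected IllegalArgumentException for: " + value);
    } catch (IllegalArgumentException e) {
        assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
    }
}

@Test
public void testUrlDecodeIncompleteEscapePatterns() {
    assertInvalidEncoding("%");
    assertInvalidEncoding("a%%%%");
    assertInvalidEncoding("a%2B%");
    assertInvalidEncoding("%2");
}

@Test
public void testUrlDecodeInvalidEscapePattern() {
    assertInvalidEncoding("%2$");
}
```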
