Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 894f9382c -> 0da90b1b9
[CXF-7139] Avoid BufferOverflowException for trailing escape characters, patch from Michael Grant applied, This closes #201 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0da90b1b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0da90b1b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0da90b1b Branch: refs/heads/3.0.x-fixes Commit: 0da90b1b952ead337619d09d5ebe06a7a67397fb Parents: 894f938 Author: Sergey Beryozkin <[email protected]> Authored: Wed Nov 16 23:37:45 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Nov 16 23:53:03 2016 +0100
----------------------------------------------------------------------
.../org/apache/cxf/common/util/UrlUtils.java | 2 +- .../apache/cxf/common/util/UrlUtilsTest.java | 49 +++++++++++++++++--- 2 files changed, 44 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/0da90b1b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
index 9ad6230..fa49a84 100644
--- a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
@@ -86,7 +86,7 @@ public final class UrlUtils {
 if (needDecode) {
 final byte[] valueBytes = StringUtils.toBytes(value, enc);
 ByteBuffer in = ByteBuffer.wrap(valueBytes);
- ByteBuffer out = ByteBuffer.allocate(in.capacity() - 2 * escapesCount);
+ ByteBuffer out = ByteBuffer.allocate(in.capacity() - (2 * escapesCount) + 1);
 while (in.hasRemaining()) {
 final int b = in.get();
 if (!isPath && b == PLUS_CHAR) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/0da90b1b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
index b0e25b7..7ae4015 100644
--- a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
+++ b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
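Review bot: The `+ 1` added to the `ByteBuffer.allocate(...)` size carries no comment, and the expression still depends on `escapesCount`, which is computed outside this hunk, agreeing with what the decode loop actually writes. Going by the commit title, the spare byte is presumably there so that a value ending in an incomplete `%` escape no longer under-sizes `out` and instead reaches the loop's own validation; if that reading is right, say so next to the allocation, for example `// +1: room for input ending in an incomplete % escape, which the loop below rejects`. Because this decoder usually handles request-supplied text, rejecting a `%` with fewer than two following characters during the counting pass may be sturdier than tuning the buffer size. The enclosing method starts and ends outside the hunk.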
@@ -42,14 +42,51 @@ public class UrlUtilsTest extends Assert {
 assertEquals("!$&'()*,;=", UrlUtils.urlDecode("!$&'()*,;="));
 }
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeIncompleteEscape() {
- UrlUtils.urlDecode("%2");
+ @Test
+ public void testUrlDecodeIncompleteEscapePatterns() {
+
+ try {
+ UrlUtils.urlDecode("%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%%%%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%2B%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("%2");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
 }
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeInvalidEscape() {
- UrlUtils.urlDecode("%2$");
+ @Test
+ public void testUrlDecodeInvalidEscapePattern() {
+ try {
+ UrlUtils.urlDecode("%2$");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
 }
 @Test
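Review bot: Each `catch (Throwable e)` in the two new test methods also catches the `AssertionError` raised by `fail()`, so when `urlDecode` returns normally the test fails on `assertTrue(e instanceof IllegalArgumentException)` with no hint of what happened, and a regression to `BufferOverflowException` loses its stack trace the same way. Narrowing each handler to `} catch (IllegalArgumentException e) {` keeps the message check and lets any other exception propagate with its own trace. The five identical try/catch blocks could also share one private helper that takes the input string. A positive case for a value ending in a complete escape (for example `"a%2B"`) is not visible in this hunk; adding one would confirm that the resized buffer leaves valid output unchanged.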
