Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 3f66a2b07 -> 606c55e68
[CXF-7139] Avoid BufferOverflowException for trailing escape characters, patch from Michael Grant applied, This closes #201 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/606c55e6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/606c55e6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/606c55e6 Branch: refs/heads/3.1.x-fixes Commit: 606c55e684c2e83d5ca770f1355eea239a69e6cf Parents: 3f66a2b Author: Sergey Beryozkin <[email protected]> Authored: Wed Nov 16 23:37:45 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Nov 16 23:49:48 2016 +0100 ---------------------------------------------------------------------- .../org/apache/cxf/common/util/UrlUtils.java | 2 +- .../apache/cxf/common/util/UrlUtilsTest.java | 49 +++++++++++++++++--- 2 files changed, 44 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/606c55e6/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
index 3b7dd23..0260445 100644
--- a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
@@ -87,7 +87,7 @@ public final class UrlUtils {
 if (needDecode) {
 final byte[] valueBytes = StringUtils.toBytes(value, enc);
 ByteBuffer in = ByteBuffer.wrap(valueBytes);
- ByteBuffer out = ByteBuffer.allocate(in.capacity() - 2 * escapesCount);
+ ByteBuffer out = ByteBuffer.allocate(in.capacity() - (2 * escapesCount) + 1);
 while (in.hasRemaining()) {
 final int b = in.get();
 if (!isPath && b == PLUS_CHAR) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/606c55e6/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java ----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
index b0e25b7..7ae4015 100644
--- a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
+++ b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
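Review bot: In UrlUtils.java the new `+ 1` on the `ByteBuffer.allocate(...)` size has no comment saying which byte it accounts for, and the size still depends on `escapesCount`, which is computed outside this hunk. If that count and the decode loop ever disagree on a malformed value, the outcome is a negative capacity or an unchecked BufferOverflowException on input that usually comes from a request URL. The visible loop reads one byte per iteration, so the output should never be longer than the input, and `ByteBuffer out = ByteBuffer.allocate(in.capacity());` would make the bound independent of the counting logic, provided the result is later read through the buffer's limit rather than the whole backing array. If the arithmetic stays, a comment such as `// +1: a trailing incomplete escape is counted but consumes fewer than three input bytes` would record the intent, assuming that is the case the patch targets. The enclosing method starts and ends outside the hunk.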
@@ -42,14 +42,51 @@ public class UrlUtilsTest extends Assert {
 assertEquals("!$&'()*,;=", UrlUtils.urlDecode("!$&'()*,;="));
 }
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeIncompleteEscape() {
- UrlUtils.urlDecode("%2");
+ @Test
+ public void testUrlDecodeIncompleteEscapePatterns() {
+
+ try {
+ UrlUtils.urlDecode("%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%%%%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%2B%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("%2");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
 }
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeInvalidEscape() {
- UrlUtils.urlDecode("%2$");
+ @Test
+ public void testUrlDecodeInvalidEscapePattern() {
+ try {
+ UrlUtils.urlDecode("%2$");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
 }
 @Test
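Review bot: Each `catch (Throwable e)` in the new tests also catches the AssertionError thrown by `fail()`, so when `urlDecode` does not throw, the test fails on the `instanceof` assertion and the report hides that no exception was raised. Catching the expected type directly, `} catch (IllegalArgumentException e) {`, lets `fail()` and any other exception, such as the BufferOverflowException this commit is about, surface with its own stack trace, and the `instanceof` check becomes unnecessary. The five identical try/catch blocks could also move into one private helper that takes the input string. The hunk ends on the `@Test` of the next method, which is outside it.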
