[ https://issues.apache.org/jira/browse/DIRSERVER-2409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lécharny resolved DIRSERVER-2409.
------------------------------------------
    Fix Version/s: 2.0.0.AM28
       Resolution: Fixed

Fixed. I have added a check on the number of bytes of a serialized string, 
which must be even, and added a dedicated exception if it's not the case.

> Exception in StringSerializer.deserialize()
> -------------------------------------------
>
>                 Key: DIRSERVER-2409
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2409
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: jdbm
>    Affects Versions: 2.0.0.AM26
>            Reporter: Ekaterina Zilotina
>            Priority: Major
>             Fix For: 2.0.0.AM28
>
>         Attachments: DeSerializeFuzzer.java.txt, 
> StringSerializer-crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc, 
> jazzer_output.txt
>
>
> Class: StringSerializer
> Method: deserialize()
> I performed fuzz testing of the 
> [deserialize()|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/StringSerializer.java#L54]
>  method of the StringSerializer class. As a result of the fuzzing test there is an 
> ArrayIndexOutOfBoundsException:
> {code:java}
> INFO: A corpus is not provided, starting from an empty corpus
> == Java Exception: java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
>       at org.apache.directory.server.core.partition.impl.btree.jdbm.StringSerializer.deserialize(StringSerializer.java:66)
>       at fuzzing.StringSerializer.DeSerializeFuzzer.fuzzerTestOneInput(DeSerializeFuzzer.java:33)
> DEDUP_TOKEN: 4c1c61d09464ed94
> == libFuzzer crashing input ==
> MS: 0 ; base unit: 0000000000000000000000000000000000000000
> 0xa,
> \012
> artifact_prefix='StringSerializer-'; Test unit written to StringSerializer-crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
> Base64: Cg==
> stat::number_of_executed_units: 2
> stat::average_exec_per_sec:     0
> stat::new_units_added:          0
> stat::slowest_unit_time_sec:    0
> stat::peak_rss_mb:              886
> reproducer_path='fuzzing/StringSerializer/repro'; Java reproducer written to fuzzing/StringSerializer/repro/Crash_adc83b19e793491b1c6ea0fd8b46cd9f32e592fc.java
> {code}
> Perhaps you should add other exception types (or the base Exception) to the 
> deserialize() function signature, or wrap the specified methods in try/catch 
> blocks?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
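
The kind of even-length check described in the resolution comment, as an added example that is not the ApacheDS code or part of the original message. It assumes each character is stored as two bytes, high byte first; the class name and `OddLengthException` are hypothetical.

```java
import java.io.IOException;

public class EvenLengthCheckDemo {
    // Hypothetical exception type: the name used in the actual fix is not given on this page.
    static class OddLengthException extends IOException {
        OddLengthException(int length) {
            super("Serialized string has an odd number of bytes: " + length);
        }
    }

    // Assumed encoding: every char becomes two bytes, high byte first.
    static byte[] serialize(String str) {
        byte[] out = new byte[str.length() << 1];
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            out[i << 1] = (byte) (c >> 8);
            out[(i << 1) + 1] = (byte) c;
        }
        return out;
    }

    static String deserialize(byte[] bytes) throws IOException {
        // Validate the length before any indexing, so malformed input surfaces as a
        // declared, checked exception instead of ArrayIndexOutOfBoundsException.
        if ((bytes.length & 1) != 0) {
            throw new OddLengthException(bytes.length);
        }
        char[] chars = new char[bytes.length >> 1];
        for (int i = 0; i < chars.length; i++) {
            int hi = (bytes[i << 1] & 0xFF) << 8;
            int lo = bytes[(i << 1) + 1] & 0xFF;
            chars[i] = (char) (hi | lo);
        }
        return new String(chars);
    }

    public static void main(String[] args) throws IOException {
        // Well-formed input round-trips.
        System.out.println(deserialize(serialize("ou=system")));
        try {
            // The one-byte input (0x0a) reported by the fuzzer in the issue.
            deserialize(new byte[] { 0x0a });
        } catch (OddLengthException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```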
