[jira] [Commented] (DIRAPI-414) NullPointerException in LdapEncoder.encodeMessage

Mon, 11 Nov 2024 14:37:11 -0800 


    [ 
https://issues.apache.org/jira/browse/DIRAPI-414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17897287#comment-17897287
 ] 

Emmanuel Lécharny commented on DIRAPI-414:
------------------------------------------

Hi,

there are a lot of missing NPE checks in the encoder functions.

I'll review them and fix what I can.

thanks!


> NullPointerException in LdapEncoder.encodeMessage
> -------------------------------------------------
>
>                 Key: DIRAPI-414
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-414
>             Project: Directory Client API
>          Issue Type: Bug
>    Affects Versions: 2.1.7
>            Reporter: Andrey Slepykh
>            Priority: Major
>         Attachments: ReproducerNullPointerException.java
>
>
> Hi, we were fuzzing Asn1Decoder and have found NullPointerException in 
> encoding.
> Steps to reproduce:
> 1. Download Apache Directory LDAP API v2.1.7:
> {{{code:bash}}}
> {{wget wget 
> [https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.7.tar.gz]}}
> {{tar xf 2.1.7.tar.gz && rm 2.1.7.tar.gz}}
> {{{code}}}
> 2. Compile the project (we used jdk-11 and mvn-3.9.6):
> {{{code:bash}}}
> {{cd directory-ldap-api-2.1.7}}
> {{mvn clean package}}
> {{{code}}}
> 3. Get the reproducer:
> {{{code:bash}}}
> {{mkdir fuzz && cd fuzz}}
> {{mv <path/to/reproducer>/ReproducerNullPointerException.java .}}
> {{{code}}}
> 4. Compile the reproducer:
> {{{}{}}}{{{}{code:bash}{}}}
> javac -cp 
> .:../../asn1/ber/target/classes/:../../asn1/api/target/classes/:../../ldap/codec/core/target/classes/:../../ldap/model/target/classes/:../../ldap/codec/core/target/classes/
>  ./{{{}ReproducerNullPointerException.java{}}}
> {{{code}}}
> 5. Reproduce the exception:
> {{{code:bash}}}
> java -cp 
> .:../../asn1/ber/target/classes/:../../asn1/api/target/classes/:../../ldap/codec/core/target/classes/:../../ldap/model/target/classes/:../../ldap/codec/core/target/classes/:../../util/target/classes/:../../util/target/classes/:../../integ-osgi/target/dependency/slf4j-api-1.7.36.jar:../../i18n/target/classes/:../../integ-osgi/target/dependency/mina-core-2.2.3.jar
>  ReproducerNullPointerException{{{}{}}}
> {{{}{}}}{{{}{code}{}}}
> {{{}{}}}Found by Linux Verification Center (portal.linuxtesting.ru) with 
> jazzer.
> Author L.Reviakin (l.revia...@fobos-nt.ru){{{}{}}}{{{}{}}}
> {{{}{}}}{{{}{}}}
> {{{}{}}}{{{}{}}}
> {{}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

Reply via email to