This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new cb1fe918db Additional bounds checks and overflow improvements
cb1fe918db is described below

commit cb1fe918db2e07c0da20cef98a7c1d42638f940f
Author: Mark Thomas <[email protected]>
AuthorDate: Tue May 26 17:48:44 2026 +0100

    Additional bounds checks and overflow improvements
---
 java/org/apache/tomcat/util/buf/Asn1Parser.java         | 9 ++++++---
 java/org/apache/tomcat/util/buf/Asn1Writer.java         | 6 +++++-
 java/org/apache/tomcat/util/buf/LocalStrings.properties | 2 ++
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java 
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index 103f46d904..7090bf30f8 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -257,12 +257,11 @@ public class Asn1Parser {
         parseTag(tag);
         int len = parseLength();
         byte[] result = new byte[len];
-        if (pos + result.length <= source.length) {
-            System.arraycopy(source, pos, result, 0, result.length);
-        } else {
+        if (result.length > source.length - pos) {
             throw new 
IllegalArgumentException(sm.getString("asn1Parser.truncatedData", 
Integer.valueOf(result.length),
                     Integer.valueOf(source.length - pos)));
         }
+        System.arraycopy(source, pos, result, 0, result.length);
         pos += result.length;
         return result;
     }
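Review bot: The buffer `byte[] result = new byte[len];` is still allocated before the new truncation check, so a large length returned by parseLength() is allocated in full before the IllegalArgumentException is thrown; unless parseLength() already bounds the value against the remaining input (the asn1Parser.lengthInvalid message suggests some check exists, but it is not visible here), the guard should run first on `len`: `if (len > source.length - pos) { throw new IllegalArgumentException(sm.getString("asn1Parser.truncatedData", Integer.valueOf(len), Integer.valueOf(source.length - pos))); }` followed by `byte[] result = new byte[len];`. The subtraction form `source.length - pos` is free of the overflow the old `pos + result.length` had, and stays correct as long as `pos` can never exceed `source.length`, which these guarded copies preserve. The enclosing method's signature and Javadoc are above the hunk.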
@@ -274,6 +273,10 @@ public class Asn1Parser {
      * @param dest the destination byte array
      */
     public void parseBytes(byte[] dest) {
+        if (dest.length > source.length - pos) {
+            throw new 
IllegalArgumentException(sm.getString("asn1Parser.truncatedData", 
Integer.valueOf(dest.length),
+                    Integer.valueOf(source.length - pos)));
+        }
         System.arraycopy(source, pos, dest, 0, dest.length);
         pos += dest.length;
     }
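Review bot: parseBytes now throws IllegalArgumentException when fewer than `dest.length` bytes remain, but the Javadoc above the signature (it begins outside the hunk; only the `@param dest` line is visible) does not document the new failure mode, so callers that previously saw an ArrayIndexOutOfBoundsException from System.arraycopy will not learn of the change from the API docs. Add `@throws IllegalArgumentException if fewer than {@code dest.length} bytes remain in the source` to that Javadoc. The same `length > source.length - pos` guard now appears in two methods of this class; a small private helper (e.g. `checkAvailable(int needed)`) would keep the message and the arithmetic in one place.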
diff --git a/java/org/apache/tomcat/util/buf/Asn1Writer.java 
b/java/org/apache/tomcat/util/buf/Asn1Writer.java
index d6f68363c8..e200466cc2 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Writer.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Writer.java
@@ -16,11 +16,15 @@
  */
 package org.apache.tomcat.util.buf;
 
+import org.apache.tomcat.util.res.StringManager;
+
 /**
  * Utility class for writing ASN.1 DER-encoded data structures.
  */
 public class Asn1Writer {
 
+    private static final StringManager sm = 
StringManager.getManager(Asn1Writer.class);
+
     /**
      * Private constructor to prevent instantiation.
      */
@@ -58,7 +62,7 @@ public class Asn1Writer {
      */
     public static byte[] writeInteger(int value) {
         if (value < 0) {
-            throw new IllegalArgumentException();
+            throw new 
IllegalArgumentException(sm.getString("asn1Writer.negativeInteger", 
Integer.valueOf(value)));
         }
 
         // How many bytes required to write the value? No more than 4 for int.
diff --git a/java/org/apache/tomcat/util/buf/LocalStrings.properties 
b/java/org/apache/tomcat/util/buf/LocalStrings.properties
index bd4ec591f7..ef39209ecd 100644
--- a/java/org/apache/tomcat/util/buf/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/buf/LocalStrings.properties
@@ -20,6 +20,8 @@ asn1Parser.lengthInvalid=Invalid length [{0}] bytes reported 
when the input data
 asn1Parser.tagMismatch=Expected to find value [{0}] but found value [{1}]
 asn1Parser.truncatedData=Need [{0}] bytes but only [{1}] are available
 
+asn1Writer.negativeInteger=Invalid integer [{0}] as values are never negative 
in this context
+
 b2cConverter.decoderResetFail=Failed to reset instance of decoder for 
character set [{0}]
 b2cConverter.unknownEncoding=The character encoding [{0}] is not supported
 

