[
https://issues.apache.org/jira/browse/NIFI-13429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17856823#comment-17856823
]
ASF subversion and git services commented on NIFI-13429:
--------------------------------------------------------
Commit cdb0b8d90cff5929fb7c972520961bbb9790ffc9 in nifi's branch
refs/heads/support/nifi-1.x from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=cdb0b8d90c ]
NIFI-13429 Corrected EncryptContentPGP Packet Detection
- Added set of expected OpenPGP Packet Tags to avoid misidentification
Signed-off-by: Matt Burgess <[email protected]>
Changed Set.of() for backport
> EncryptContentPGP Packet Detection Invalid for JPEG Files
> ---------------------------------------------------------
>
> Key: NIFI-13429
> URL: https://issues.apache.org/jira/browse/NIFI-13429
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 1.15.0, 1.26.0, 2.0.0-M3
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
>
> The {{EncryptContentPGP}} Processor performs input content evaluation to
> avoid additional wrapping around signed OpenPGP payloads. This content
> evaluation inspects the initial bytes for an OpenPGP Packet Tag, but does not
> evaluate the Packet Type. As a result, some types of input files, such as
> JPEG, can result in incorrect evaluation, producing invalid output from
> {{EncryptContentPGP}}. When attempting to decrypt malformed files in
> {{DecryptContentPGP}}, the following error occurs:
> {noformat}
> DecryptContentPGP[id=3687fd8a-0190-1000-345b-fcaaba5a3e0c] Decryption Failed StandardFlowFileRecord[uuid=2c60ab6c-16cd-49c5-b2c8-f4e3d3a8f920,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1718901851045-2, container=default, section=2], offset=0, length=82192],offset=0,name=unsplash.jpg,size=82192]
> org.bouncycastle.openpgp.PGPRuntimeOperationException: Iterator failed to get next object: invalid header encountered
> at org.bouncycastle.openpgp.PGPObjectFactory$1.getObject(Unknown Source)
> at org.bouncycastle.openpgp.PGPObjectFactory$1.hasNext(Unknown Source)
> at org.apache.nifi.processors.pgp.DecryptContentPGP$DecryptStreamCallback.getLiteralData(DecryptContentPGP.java:357)
> at org.apache.nifi.processors.pgp.DecryptContentPGP$DecryptStreamCallback.getLiteralData(DecryptContentPGP.java:347)
> at org.apache.nifi.processors.pgp.DecryptContentPGP$DecryptStreamCallback.process(DecryptContentPGP.java:278)
> at org.apache.nifi.controller.repository.StandardProcessSession.write(StandardProcessSession.java:3425)
> at org.apache.nifi.processors.pgp.DecryptContentPGP.onTrigger(DecryptContentPGP.java:181)
> at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
> at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1274)
> at org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:244)
> at org.apache.nifi.controller.scheduling.AbstractTimeBasedSchedulingAgent.lambda$doScheduleOnce$0(AbstractTimeBasedSchedulingAgent.java:59)
> at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
> at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
> at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
> at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
> at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
> at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
> at java.base/java.lang.Thread.run(Thread.java:1583)
> Caused by: java.io.IOException: invalid header encountered
> at org.bouncycastle.bcpg.BCPGInputStream.readPacket(Unknown Source)
> at org.bouncycastle.openpgp.PGPSignature.<init>(Unknown Source)
> at org.bouncycastle.openpgp.PGPObjectFactory.nextObject(Unknown Source)
> ... 18 common frames omitted
> {noformat}
> The input packet evaluation should be improved to avoid incorrect
> identification of non-OpenPGP files.
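The misidentification described in the issue, as an added Java example that is not NiFi's code: a JPEG file starts with 0xFF, which has bit 7 set like every OpenPGP packet header and decodes as new-format packet type 63. The class name, method names, sample bytes and the set of expected packet types are assumptions chosen for illustration, and the set is built without Set.of() so the class compiles on Java 8.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class PacketTagCheck {
    // Assumed for illustration: packet types that may begin an OpenPGP message (RFC 4880).
    private static final Set<Integer> EXPECTED_TYPES = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(
                    1,   // Public-Key Encrypted Session Key
                    2,   // Signature
                    3,   // Symmetric-Key Encrypted Session Key
                    4,   // One-Pass Signature
                    8,   // Compressed Data
                    11   // Literal Data
            )));

    /** Weak check: tests only bit 7 of the first octet, which any byte >= 0x80 passes. */
    static boolean hasPacketTagBit(byte[] content) {
        return content.length > 0 && (content[0] & 0x80) != 0;
    }

    /** Decodes the packet type from the first octet, or returns -1 when bit 7 is clear. */
    static int packetType(byte[] content) {
        if (!hasPacketTagBit(content)) {
            return -1;
        }
        int first = content[0] & 0xFF;
        boolean newFormat = (first & 0x40) != 0;
        // New format: type in bits 5-0. Old format: type in bits 5-2, length type in bits 1-0.
        return newFormat ? (first & 0x3F) : ((first & 0x3C) >> 2);
    }

    /** Stricter check: the decoded type must also be one of the expected packet types. */
    static boolean isExpectedPacket(byte[] content) {
        return EXPECTED_TYPES.contains(packetType(content));
    }

    public static void main(String[] args) {
        // Constructed samples: JPEG SOI + APP0 marker, old-format header, new-format header.
        byte[][] samples = {
                {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, (byte) 0xE0},
                {(byte) 0x90, 0x0D, 0x03},
                {(byte) 0xCB, 0x10}
        };
        for (byte[] s : samples) {
            System.out.printf("first=0x%02X tagBit=%b type=%d expected=%b%n",
                    s[0] & 0xFF, hasPacketTagBit(s), packetType(s), isExpectedPacket(s));
        }
    }
}
```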