Issue Details (XML | Word | Printable)

Key: DIRSERVER-745
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Emmanuel Lecharny
Reporter: Emmanuel Lecharny
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Directory ApacheDS

Decoding of lengths can fail if the PDU is splitted

Created: 21/Sep/06 06:12 AM   Updated: 02/Oct/06 12:14 PM
Return to search
Component/s: None
Affects Version/s: None
Fix Version/s: None

Time Tracking:
Not Specified

Resolution Date: 02/Oct/06 12:14 PM


 Description  « Hide
While reading the ASN.1 decoder code, I found a pretty nasty case where the decoding can fail during length decoding :
if the length is more than 2 bytes long, and if the PDU is splitted just after the second byte, then we can have a BufferUnderFlowException.

This can occur because we are reading the buffe without controlling that we still have some remaining bytes.



 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Emmanuel Lecharny added a comment - 21/Sep/06 06:13 AM
This issue is not really likely to occurs :
- we must have a PDU which is more than 256 bytes long
- and the length part should be splitted

However, this is still a serious bug (and easy to fix :). Code reviews are *good*

Repository Revision Date User Message
ASF #448550 Thu Sep 21 13:41:37 UTC 2006 elecharny Fixed the BufferUnderFlowException (DIRSERVER-745)
Files Changed
MODIFY /directory/branches/shared/0.9.5/asn1/src/main/java/org/apache/directory/shared/asn1/ber/Asn1Decoder.java

Repository Revision Date User Message
ASF #448552 Thu Sep 21 13:43:31 UTC 2006 elecharny Added a test for DIRSERVER-745
Files Changed
MODIFY /directory/branches/shared/0.9.5/ldap/src/test/java/org/apache/directory/shared/ldap/codec/LdapDecoderTest.java

Repository Revision Date User Message
ASF #448559 Thu Sep 21 14:12:46 UTC 2006 elecharny Appliying patch for DIRSERVER-745
Files Changed
MODIFY /directory/trunks/shared/asn1/src/main/java/org/apache/directory/shared/asn1/ber/Asn1Decoder.java

Repository Revision Date User Message
ASF #448560 Thu Sep 21 14:13:15 UTC 2006 elecharny Adding test for DIRSERVER-745
Files Changed
MODIFY /directory/trunks/shared/ldap/src/test/java/org/apache/directory/shared/ldap/codec/LdapDecoderTest.java

[ Permlink | « Hide ]
Emmanuel Lecharny added a comment - 02/Oct/06 12:14 PM
It has been fixed two weeks ago. It was a bug in the way lengths were handled

Emmanuel Lecharny made changes - 02/Oct/06 12:14 PM
Field Original Value New Value
Status Open [ 1 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
[ Permlink | « Hide ]
Emmanuel Lecharny added a comment - 02/Oct/06 12:14 PM
fixed

Emmanuel Lecharny made changes - 02/Oct/06 12:14 PM
Status Resolved [ 5 ] Closed [ 6 ]

Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators