[DIRAPI-401] Unhandled Exception (NegativeArraySizeException) in Asn1Decoder - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.6
Fix Version/s: 2.1.7
Labels:
None

Description

Hello, we think we have found a problem in Asn1Decoder implementation for LDAP messages while fuzzing in version 2.1.6. This problem is unhandled exception (NegativeArraySizeException).

Steps to reproduce:
1. Download Apache Directory LDAP API v2.1.6:
```
wget wget https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.6.tar.gz
tar xf 2.1.6.tar.gz && rm 2.1.6.tar.gz
```
2. Compile the project (we used jdk-11 and mvn-3.9.6):
```
cd directory-ldap-api-2.1.6
mvn clean package
```
3. Get the reproducer:
```
mkdir fuzz && cd fuzz
mv <path/to/reproducer>/NegativeSizeReproducer.java .
```
4. Compile the reproducer
```
javac -cp .:../asn1/ber/target/classes/:../asn1/api/target/classes/:../ldap/codec/core/target/classes/:../ldap/model/target/classes/:../ldap/codec/core/target/classes/ ./NegativeSizeReproducer.java
```
5. Reproduce the exception:
```
java -cp .:../asn1/ber/target/classes/:../asn1/api/target/classes/:../ldap/codec/core/target/classes/:../ldap/model/target/classes/:../ldap/codec/core/target/classes/:../util/target/classes/:../util/target/classes/:../integ-osgi/target/dependency/slf4j-api-1.7.36.jar:../i18n/target/classes/:../integ-osgi/target/dependency/mina-core-2.2.3.jar NegativeSizeReproducer
```
Found by Linux Verification Center (portal.linuxtesting.ru) with jazzer.
Author L.Reviakin (L.reviakin@fobos-nt.ru)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

NegativeSizeReproducer.java
27/May/24 16:46
1 kB
Andrey Slepykh

Activity

People

Assignee:: Unassigned

Reporter:: Andrey Slepykh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/May/24 16:47

Updated:: 27/May/24 21:24

Resolved:: 27/May/24 21:24